Another year, another RSA Conference USA in the books! From talking software security and DevOps with thousands of attendees, to launching new research and solutions, and hosting a SoulCycle fitness class for AppSec professionals, we had a blast at this year’s show and couldn’t be more grateful to all who helped make it such a success.
Being a seasoned security professional who has attended RSA Conference for many years, I’ve observed that many of the products and solutions one can find at the show are primarily designed to help manage the symptoms or the results of coming under a cyber-attack. What I’ve also observed is that on the flip side, organizations are still struggling to take proactive and preventative steps to protect their software and applications from the inside-out, before a malicious incident takes place.
With that said, I have seen a shift: today’s organizations increasingly acknowledge that reducing or nearly eliminating, up front, the coding errors that lead to vulnerabilities tremendously reduces their overall software risk. Organizations also understand that the way they develop and depend on software has changed, and never has it exposed them to more risk. It was more evident than ever this year from the conversations we had at our booth and around the show that developers and organizations fully agree that security must be inseparable from software development.
Checkmarx Booth Presentations at RSA Conference USA
To kick off RSA Conference, last Monday, Checkmarx announced the launch of its CxFlow orchestration module for our Software Security Platform that tightly integrates with application release orchestration and agile planning tools. This results in improved operational ‘flow’ of secure software development and the delivery of more actionable vulnerability findings. CxFlow also drives faster adoption by reducing friction between development, DevOps, and DevSecOps, and enabling automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools.
Since organizations agree that they must address vulnerabilities in their software during development, today they are looking for ways to integrate AST solutions in an automated fashion within their development pipelines. Notably, CxFlow is the only AST solution that offers end-to-end automation – from scanning to ticketing.
What else were we up to during RSA Conference? In case you missed anything, keep reading!
On Tuesday, we invited a group of AppSec professionals to join a SoulCycle fitness class hosted by Checkmarx. This 45-minute workout had all of us spinning at the speed of DevOps. Afterwards, attendees were given the opportunity to talk with our experts about their application security needs over some fresh, healthy juices.
Checkmarx SoulCycle Group at RSA Conference USA
On Wednesday, the Checkmarx Security Research team released an important piece of research pertaining to the Trifo Ironpie Smart Vacuum. As a result of the research team’s investigation, several high- and medium-severity security vulnerabilities were discovered, the most notable of which involved an exploit path for malicious actors to tap into the device’s camera and live streaming functionalities. A summary of the vulnerabilities can be seen in this blog. Additionally, a video of our team exploiting the discovered vulnerabilities can be found here.
Trifo Ironpie Smart Vacuum
Simultaneously on Wednesday, we hosted a roundtable breakfast, gathering multiple security thought leaders, including our own Erez Yalon, Head of Security Research, along with Anders Wallgren, VP of Technology Strategy at Cloudbees, James Wickett, Senior Security Engineer at Verica, and Jimmy Mesta, Director of Security Research at Signal Sciences. The group, along with additional invited guests, reflected on the current state of application and software security, specifically drilling down into API security issues, common flaws with modern IoT devices, and security challenges today’s organizations most prominently face.
Thought Leadership Roundtable Gathering
Continuing on the research front, Erez presented on Thursday morning in the notable RSAC Sandbox. Erez addressed an engaged crowd about the recent Android vulnerability research that the Checkmarx Research Team published in November 2019. Given the ‘Human Element’ theme of this year’s RSA Conference, Erez heavily focused on the hacker POV, giving an inside look at how adversaries think and escalate vulnerabilities, from an initial entry point to a full-fledged exploit.
Erez Yalon During His Presentation in the RSA Sandbox
Finally, we’re proud to say that Checkmarx was recognized multiple times throughout RSA Conference, most notably winning a 2020 Cyber Defense Magazine InfoSec Award for AppSec and being named by CRN as one of the ‘Coolest’ AppSec companies.
It certainly was an eventful week! Since Checkmarx is dedicated to building software security solutions that address the root cause of nearly every successful attack by finding, classifying, reporting, and demonstrating where and how to fix vulnerabilities in software, we think it’s imperative to attend these events and get the word out to those who are in need of integrated software security solutions that fit within DevOps.