In the News

How Checkmarx Is Helping Developers Improve Mobile Security Skills

26 Oct 2017 | By Tom Smith

Checkmarx has launched new mobile security courses for developers. The interactive courses include secure coding for Android Java, Android Kotlin, iOS Objective C, and iOS Swift.

There are 9 free courses which can be found here. For each of the languages, there are one or two free exercises in each course depending on how many total exercises are offered. To have access to all the exercises, there is a paid option to upgrade.


Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses

17 Oct 2017 | By DevOps Digest

The importance of integrating security tests in the software development life cycle is commonly discussed and widely agreed upon, yet getting developers to write secure code to begin with is known to be a challenge. According to the SANS 2016 State of Application Security survey, the lack of application security (AppSec) skills, tools and methods are top challenges organizations face when implementing AppSec solutions.


ShiftLeft’s new cybersecurity platform customizes itself for every workload

11 Oct 2017 | By Maria Deutscher

Thanks to sophisticated development tools and practices that have emerged in recent years, application teams are producing code faster than ever. The downside is that the shorter release cycles become, the less time is left to check for potential security flaws.


Cloud-native apps push static code analysis tools to the limit

27 Sep 2017 | By Cameron McKenzie

Matt Rose is the global director of application security strategy at Checkmarx, an organization that provides static code analysis tools that play a key role in the secure software testing phase of the software development lifecycle. In other words, Mr. Rose knows a thing or two about securing applications.

Pumpkin-Spiced Cybersecurity: October Is National Cyber Security Awareness Month

27 Sep 2017 | By Jimmy H. Koo

Cyberattacks, including global ransomware attacks, massive data breaches, and distributed denial-of-service attacks have recently dominated the headlines, saturating consumers’ news intake with stories about cybersecurity threats. These repeated reminders of the cybersecurity boogie man, ways to protect personally identifiable information, and advertisements for products to fight hackers, can lead to security fatigue, which in turn may lead to risky computing behavior.

“Companies need to realize that security fatigue is a real thing,” Matt Rose, global director of application security strategy at Checkmarx Ltd. in Charlotte, N.C. told Bloomberg BNA Sept. 27. “Things like text verification, captcha, finger print recognition, and strong passwords may actually introduce more of a security risk as the company now has more data points on a customer in order to verify they are who they are,” he said.


A bug fix always beats a round of risk assessments

26 Sep 2017 | By Cameron McKenzie

“Many organizations have an effective process for identifying problems, but no process for remediation,” said Matt Rose, the global director of application security strategy at Checkmarx. “Organizations do a lot of signing off on risk. Instead of saying ‘let’s remediate that’ they say ‘what’s the likelihood of this actually happening?’”

Sadly, the trend towards cloud-native, DevOps-based development hasn’t reversed this trend towards preferring risk assessment over problem remediation. The goal of any team that is embracing DevOps and implementing a system of continuous delivery is to eliminate as many manual processes as possible. A big part of that process is integrating software quality and static code analysis tools into the continuous integration server’s build process. But simply automating the process isn’t enough. “A lot of times people just automate and don’t actually remediate,” said Rose.

Continue reading on The Server Side


CloudBees, partners add Jenkins services, security

25 Sep 2017 | By Darryl K. Taft

For its part, Checkmarx, an application security software company, introduced a new release of its Interactive Application Security Testing product, CxIAST. The product enables continuous application security testing in real time, so software delivery schedules are not affected by security testing.


Containers and microservices complicate cloud-native security

13 Sep 2017 | By Cameron McKenzie

But not every data breach can be blamed on an end user, which is why developers must be vigilant when it comes to cloud-native security. According to Matt Rose, global director of application security strategy at Checkmarx, it's commonplace for his software company's static code analysis tools to identify places where input isn't properly validated -- making SQL injection a very plausible threat -- administrative passwords are exposed in plain text, opportunities exist for buffer overruns and private user information is inadvertently written to the file system.


Jenkins World 2017 Highlights the Growing Ubiquity of Continuous Integration

31 Aug 2017 | By Alex Handy

Matt Rose, global director of application security strategy at Checkmarx, said that Jenkins is the bellwether for the CI/CD world. “Most of our customers are using Jenkins in some way. I see a lot of people in the evolution stage of true CI/CD. Very few feel they are 100 percent there right now,” said Rose. He was at Jenkins World to help spread the gospel of static analysis as part of the build and test process.


Gigster receives $20M in funding, Checkmarx’s DevSecOps platform, and Okta’s two-factor authentication — SD Times news digest: August 30, 2017

30 Aug 2017 | By Madison Moore

At Jenkins World 2017, Checkmarx announced its new Interactive Application Security Testing solution, CxIAST, which gives teams continuous application security testing in real time, with zero scan time, accuracy and seamless implementation.

“CxIAST is a game changer for organizations who are struggling to deliver secure software faster,” said Maty Siman, CTO and founder, Checkmarx. “Our unified AppSec platform correlates data and results from all Checkmarx products across the software development lifecycle and then leverages that information intelligently to generate fast, accurate and actionable results.”


Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.