Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStarcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United States.
Based on a report released Tuesday by Checkmarx, the Loftek DSS-2200 and VStarcam C7837WIP allow a malicious user to easily exploit the devices. Not only can adversaries enlist them into DDoS botnets, but they can also gain control of additional devices that share the same network.
Checkmarx researchers have analyzed a couple of IP cameras from Loftek and VStarcam and discovered several new vulnerabilities and variations of previously found flaws.
In Loftek’s CXS 2200 camera, experts discovered cross-site request forgery (CSRF) flaws that can be exploited to add new admin users, server-side request forgery (SSRF) flaws that can be used for denial-of-service (DoS) attacks and to find other devices on the local network or the Internet, stored cross-site scripting (XSS) bugs that can be used to execute arbitrary code, and file disclosure vulnerabilities.
In the VStarcam C7837WIP camera, researchers found stored XSS, open redirect, and forced factory reset weaknesses. Both cameras allow attackers to manipulate HTTP responses, which can be useful for conducting XSS, cross-user defacement, cache poisoning and page hijacking attacks.
Today’s cyber landscape leaves no room for mistakes when it comes to the security of software and applications. Enterprises are well aware of the harsh consequences of a cyberattack. Moreover, with end users expecting software vendors to deliver cutting edge software at the speed of light, enterprises find themselves constantly juggling between quick releases and secure releases. “The current approach toward fixing security vulnerabilities at the end of the software development lifecycle creates a recurring cycle of delivery delays,” states Emmanuel Benzaquen, Checkmarx’s CEO. In light of this, Checkmarx is reshaping the ways of application security testing by tapping into the DevOps cycle as early as where developers are coding, making security a seamless and effortless component of the process. “We believe the sooner security vulnerabilities are fixed, the faster the application delivery will be,” he adds.
Application security testing company Checkmarx has now acquired the somewhat aggressively named Codebashing, a company that specializes in game-like application security education and training for software application developers.
Read the full article on Forbes
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.
Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as it appears. Moreover, participants tend to retain only a fraction of the materials in between the traditional “annual” training cycles.
Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster.
Checkmarx announced the acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.
By shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite-sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.
Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.
Israel's Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.
Checkmarx acquires security education provider
Application security testing provider Checkmarx announced the acquisition of Codebashing, an app security education company that delivers game-like app security training for developers. Together, the companies will provide tools to further developer application security knowledge and deliver secure apps.
According to Checkmarx, traditional ways of coding education such as long training courses are not effective. The company hopes to redefine secure coding education with Codebashing by providing hands-on interactive training.
Checkmarx has acquired Codebashing, an application security training company.
The application security testing firm said on Monday that the deal is expected to improve Checkmarx's training and the education of development teams faced with an evolving and rapidly-changing IT environment, especially in relation to cybersecurity.
Continue reading on ZD Net