Checkmarx researchers have analyzed a couple of IP cameras from Loftek and VStarcam and discovered several new vulnerabilities and variations of previously found flaws.
In Loftek’s CXS 2200 camera, experts discovered cross-site request forgery (CSRF) flaws that can be exploited to add new admin users, server-side request forgery (SSRF) flaws that can be used for denial-of-service (DoS) attacks and to find other devices on the local network or the Internet, stored cross-site scripting (XSS) bugs that can be used to execute arbitrary code, and file disclosure vulnerabilities.
In the VStarcam C7837WIP camera, researchers found stored XSS, open redirect, and forced factory reset weaknesses. Both cameras allow attackers to manipulate HTTP responses, which can be useful for conducting XSS, cross-user defacement, cache poisoning and page hijacking attacks.
Today’s cyber landscape leaves no room for mistakes when it comes to the security of software and applications. Enterprises are well aware of the harsh consequences of a cyberattack. Moreover, with end users expecting software vendors to deliver cutting edge software at the speed of light, enterprises find themselves constantly juggling between quick releases and secure releases. “The current approach toward fixing security vulnerabilities at the end of the software development lifecycle creates a recurring cycle of delivery delays,” states Emmanuel Benzaquen, Checkmarx’s CEO. In light of this, Checkmarx is reshaping the ways of application security testing by tapping into the DevOps cycle as early as where developers are coding, making security a seamless and effortless component of the process. “We believe the sooner security vulnerabilities are fixed, the faster the application delivery will be,” he adds.
Application security testing company Checkmarx has now acquired the somewhat aggressively named Codebashing, a company that specializes in game-like application security education and training for software application developers.
Read the full article on Forbes
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.
Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as it appears. Moreover, participants tend to retain only a fraction of the materials in between the traditional “annual” training cycles.
Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster.
Checkmarx announced the acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.
By shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.
Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.
Israel's Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.
Checkmarx acquires security education provider
Application security testing provider Checkmarx announced the acquisition of Codebashing, an app security education company that delivers game-like app security training for developers. Together, the companies will provide tools to further developer application security knowledge and deliver secure apps.
According to Checkmarx, traditional ways of coding education, such as long training courses, are not effective. The company hopes to redefine secure coding education with Codebashing by providing hands-on interactive training.
Checkmarx has acquired Codebashing, an application security training company.
The application security testing firm said on Monday that the deal is expected to improve Checkmarx's training and the education of development teams faced with an evolving and rapidly-changing IT environment, especially in relation to cybersecurity.
Continue reading on ZD Net
Nor is it the first time that a vulnerable plugin has provided a route into WordPress. In 2013, Checkmarx released a report showing that 20 percent of WordPress plugins and seven of the top 10 ecommerce plugins were vulnerable to basic web attacks.
If an attacker were to find a list of plugins that a site uses, they could simply run a scan for known vulnerabilities in those plugins. Most recently, researchers found a “severe” SQL injection vulnerability in the gallery management plugin, NextGEN Gallery.
Amit Ashbel, cyber-security evangelist at Checkmarx, told SC Media UK that the popularity of the platform endures in spite of those holes: “Multiple large scale enterprises and SMBs use WordPress because it really does simplify managing and maintaining a web application. The real power of WordPress are its thousands of plugins which are developed by third parties and are there to provide additional functionality.”
Continue reading on SC Media UK