In the News

Checkmarx Announces AppSec Coach

19 Sep 2016 | By

Checkmarx announced availability of a new secure coding eLearning platform, called AppSec Coach, providing Checkmarx customers the ability to address one of the greatest challenges in the software industry when it comes to application security: finding an effective way to provide developers knowledge and skills to write secure code.

The new capability is a significant addition to the Checkmarx application security testing portfolio, which helps to sharpen the skills developers need to fix vulnerabilities and write secure code. This new add-on provides in-context, bite-sized secure coding training modules, available when and where the developer needs to fix the code. AppSec Coach, integrated within Checkmarx CxSAST source code analysis solutions, is the first of its kind for developer security education and the new offering strengthens the Checkmarx commitment to developer enablement.

Read the original release on Devops Digest

Checkmarx wants to help developers write more secure code

19 Sep 2016 | By Maria Deutscher

An organization’s security isn’t the responsibility of its IT department alone. Development teams need to be vigilant too and take measures to rid their software of vulnerabilities, a requirement that Checkmarx Ltd. wants to help address with the new training service that it unveiled this morning.

AppSec Coach, as the tool is called, provides a set of learning modules for the Israeli company’s widely used CxSAST code analysis platform. It displays a blue tooltip icon whenever the latter system finds a security flaw that is covered by the built-in course material, and enables developers to instantly pull up the appropriate lesson if they want to find out how to avoid making the same mistake in the future.

Read more of the article on SiliconANGLE here

New products of the week 9.19.16

19 Sep 2016 | By Ryan Francis

AppSec Coach

Key features: AppSec Coach provides an education platform to train developers the principles of application security and secure coding. Unlike other solutions, the AppSec Coach is used in the context of the developer’s work, when it is needed most. More info.

Continue reading on Network World.

Promoting secure code from within: the gamification approach

19 Sep 2016 | By Amit Ashbel

By exposing developers to security as part of the coding process, they can learn more about creating secure code and so reduce the time needed for testing.

Recent research claims that a quarter of third-party apps are high risk and, although they’re banned in some organisations, policing that ban is difficult. Third-party apps, and especially open source ones, are great and play a very important role in today’s development practices; however, in order to ensure they are not putting your applications at risk, developers need to learn how to code securely.

Read more on ITProPortal

New products of the week 9.12.16

12 Sep 2016 | By Ryan Francis

CxSAST, Swift Programming Language Support

Key features: New Swift language support provides Checkmarx CxSAST users with the ability to identify and mitigate security, quality and compliance issues in their Swift code. More info.

Read more on Network World here

Checkmarx Announces Support For Swift Programming Language Vulnerability Detection And Remediation

7 Sep 2016 | By Checkmarx

Checkmarx, a global leader in application security testing, today announced Swift language support, providing Checkmarx users with the ability to identify and mitigate security, quality and compliance issues in their Swift code before it reaches production. The new capability adds Swift to the growing list of supported languages that can be scanned for vulnerabilities and compliance issues by Checkmarx’s Source Code Analysis solution, CxSAST.

Swift, one of the fastest growing programming languages in history, is being increasingly adopted by organizations across all verticals. Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now considering implementing Swift as a “first class” language for Android, Facebook and Uber are exploring ways to make Swift more central to their operations, while IBM, Lyft, Firefox, LinkedIn and others have adopted Swift into their projects. With Swift now available to the open source community there is little doubt that its uptake will grow even more significantly. Considering its meteoric rise in popularity, and the increasing amount of sensitive personal data contained within Swift applications, there is an urgent need to ensure that all projects written in Swift are properly scanned for security, quality and compliance issues.

Checkmarx scans Swift code for a wide range of potential vulnerabilities including high-level security threats such as SQL injections (SQLi), reflected XSS, buffer overflows, stored XSS and others.

Adding to the extensive list of 20 programming languages already supported by Checkmarx’s CxSAST, the addition of Swift support complements Checkmarx’s superior support for iOS and OS X applications. Checkmarx’s programming language support is operating system agnostic, which serves as a significant advantage for iOS and Swift development shops that can maintain their code security levels even upon new iOS version releases.

“Checkmarx is committed to keeping up with the most advanced development technologies,” says Checkmarx VP of Products Nir Livni. “Many of our customers already use Checkmarx’s CxSAST to deliver secure mobile applications and Swift language support is part of this coverage. Swift is quickly becoming the most popular mobile development language and I am glad we are able to help our customers introduce new mobile applications while ensuring they are secure.”

Read the original release on BusinessWire.

Election exploits: What you need to know [infographic]

7 Sep 2016 | By CSO staff

In late August, the FBI warned state election officials about an attack on voter registration databases from Illinois and Arizona.

“According to the FBI’s alert, ‘an unknown actor’ attacked a state election database by using widely available penetration testing tools, including Acunetix, SQLMap, and DirBuster,” reported IDG’s Michael Kan. “The hackers then found an SQL injection vulnerability — a common attack point in websites — and exploited it to steal the data. The FBI has traced the attacks to eight IP addresses, which appear to be hosted from companies based in Bulgaria, the Netherlands, and Russia.”

It isn’t known whether these election database hacks are tied either to the DNC hack or other recent breaches, but Amit Ashbel, director of product marketing at Checkmarx, believes it wasn’t part of a state-sponsored attack.

The following infographic from application security provider Checkmarx offers an overview of the election breaches, including how the attackers got in and what they stole.

Continue reading the article (and check out the Infographic) on CSO

Corbyn announces digital ‘bill of rights’

1 Sep 2016 | By Max Metzger

Jeremy Corbyn intends to introduce a digital ‘bill of rights' in the UK.

The leader of the Labour party presented his intentions in Shoreditch as he unveiled the ‘digital democracy manifesto', setting out proposed guarantees for citizens in the online space.

Amit Ashbel, cyber-security evangelist at Checkmarx, questions whether the move is purely populism. The notion of a passport, Ashbel told SC, is instantly presented with the problem, “What would make this passport secure? Where will this data be stored and who is in charge of keeping the citizen’s identifiable data. I for one would not trust any government organisation to safely store and protect my personal data.”

Continue reading this article on SC Magazine

Real World Problems Solved By Application and Data Security

1 Sep 2016 | By

To gather insights on the state of application and data security, we spoke with 19 executives who are involved in application and data security for their clients. Here's what they told us when we asked them, "What are some real world problems being solved by securing applications and data?"

  • The problems that are solved are those that are never seen – hacks that never happen. Application security stops financial disasters at the Federal Reserve and the IMF. Others enable communications for national defense. Software is eating the world. There are huge efficiencies being driven but these are open to new attacks with everything being on a computer. The potential cost to the reputation of a firm is billions of dollars.
  • We’re not solving the problems. They keep cropping up with OPM, DNC, and Clinton email breaches. We do not have proper application based security.
  • PCI implementation. While this can be daunting, it’s mostly scare tactics versus providing clients guidance the way we do. If you're level four you answer 200 questions and have a firewall. Level one is more but those companies can hire a qualified security associate. OWASP 10, common sense, education – freelance analyst needed to document what they were doing with the data to keep the customers’ information safe.

Read the full article on DZone.com here

Training Tips to Help Developers Snag Security Gold

29 Aug 2016 | By Darryl K. Taft

The 2016 Summer Olympics in Rio de Janeiro caught the collective attention of the world, which watched as best-in-class athletes from countries from around the world competed for the coveted medals and honor for their countries. For those competing, the road to this year's Summer Olympics was paved with trial and error, grueling training processes and a desire to be the best.

In the enterprise space, companies are competing in their own “Business Olympics” daily as they look to stand apart in their respective space and beat out the competition. One critical element of success for every organization is security and ensuring its employees, customers and partners that its sensitive and proprietary information is safe and secure.

So developers, listen up! It's never too early to start training if you're going for the gold in security in 2020. Based on conversations with executives at Checkmarx, this eWEEK slide show offers 10 training tips that you'll want to keep in your back pocket.

Check out the original article & slideshow here