In the News

Checkmarx Tells Us Why App Developers Should Care About App Security

18 Aug 2016 | By Richard Harris

We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-scene.

ADM: What is Checkmarx and how does it differ from other security software that is currently available for developers?

Benzaquen: Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. For enterprise companies who want to minimize application security risks, Checkmarx provides products and services to detect and eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST provides faster feedback loops and higher accuracy resulting in wider developer adoption.
For DevOps and AppSec professionals who want to embed security as part of the continuous integration flow, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST seamlessly fits into the continuous integration tool chain, without imposing delays. For AppSec professionals who want developers to take ownership of application security, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST can be easily adapted to the application code, resulting in higher accuracy and wider developer adoption.
Continue reading the interview in App Developer Magazine

Data Security & The NSA – Amit Ashbel on i24 News

17 Aug 2016 | By Amit Ashbel

Watch Checkmarx's Amit Ashbel discuss who could be behind the recent N.S.A. hack as well as their possible motives on i24 news. Original interview on i24 here.

Security Threats Ready to Attack Your Business

17 Aug 2016 | By DE Brown

If your application was a bird, what would it be? An eagle soaring above the competition and proactively avoiding threats, or an ostrich with its head buried in the sand and oblivious to any potential attacks? When it comes to security, most applications are akin to the ostrich. Despite application security impacting an organization’s brand perception and even its bottom line, many businesses do not test their applications for security, instead relying on basic internal checks and only resolving vulnerabilities if they become a problem.

This reactive approach can have a disastrous effect when a vulnerability in your application is exploited by a malicious third party. Repercussions such as reputational damage, data breaches, loss of customer confidence, excessive downtime and potentially expensive remediation and legal costs could permanently clip your organization’s wings.

Despite such catastrophic consequences, application security is often not at the forefront of many organizations’ minds. According to application security solution provider Checkmarx, organizations should shift their focus from securing network parameters to protecting the application level. It identified five of the most common and serious application security threats your business must watch out for.

Continue reading this article on Newswire.net

Security Guy Radio Interview with Checkmarx’s Amit Ashbel

13 Aug 2016 | By Chuck Harold

The team at Security Guy Radio caught up with Checkmarx Cyber Security Evangelist Amit Ashbel at Black Hat Vegas this year. Amit talked to Security Guy Radio about what Checkmarx does and why both developers and security teams alike choose Checkmarx as their security testing solution of choice. Listen to the podcast below or head to Security Guy Radio on Soundcloud.

Reach ’em and teach ’em–educating developers on application security

10 Aug 2016 | By CSO

How are developers supposed to build security throughout the development lifecycle if they are not taught security at any stage of their education? Vulnerabilities exist because products made by developers who have close to no knowledge of security are hitting the market.

Rather than accept the idea that software will never be 100 percent secure, academia and industry leaders can be more proactive and teach developers how to think about application security.

In a white paper, "App-Sec How-To Guide: Getting your Developers to Beg for Security," security vendor Checkmarx said, "The real secret, then, to getting developers excited about creating secure code is to use those techniques and tools that motivate them in other areas of their work: a way to visualize their work; providing a strong support system; giving solid feedback in a short timeframe; and allowing developers to learn not only from their own mistakes, but also from those developers around them."

Asaph Schulman, vice president of marketing at Checkmarx, said that focusing on security throughout the development process demands understanding the most common application layer security vulnerabilities. "SQL injection is one," said Schulman. "Any teenager with a 'Hacking for Dummies' book can exploit and create huge damage with something so simple."

Continue reading this article on CSO Online

From download to deposit, mobile banking only as safe as your app

10 Aug 2016 | By Alyssa Oursler

Once upon a time, depositing a check required actually visiting a bank. Now, the same task can be as simple as taking out your smartphone, opening an app and snapping a picture. But as mobile banking increasingly replaces, or at least supplements, traditional banking, questions arise about the trade-offs between security and convenience.

The good news is that security experts tend to agree on some common, simple guidelines for more secure mobile banking. First off, never download banking apps on a jailbroken device — one that's been modified to let users make changes and download apps not approved — because the operating system's security layer is no longer enforced, warns Amit Ashbel, a cybersecurity expert with Checkmarx. Similarly, apps should only be downloaded from a phone’s native app store. Android users especially should be wary of anything that requires third-party permissions.

Continue reading this article on USA Today

AppSec for dummies: Protecting your organization from application layer security threats

5 Aug 2016 | By Pentago

I never thought it would happen to me. Unfortunately, this kind of thinking applies to so many situations in day-to-day life. Having your phone stolen from your unlocked car in the ten seconds it took you to pay for gas. Losing two years’ worth of photos because you didn’t back up your personal computer.

As part of an organization, there is a high-probability, high-impact risk you take every day with your applications’ security if you aren’t taking the proper application security precautions. In other words, a very bad thing is very likely to happen.

But how do you manage the seemingly many application security risks? Application security provider Checkmarx offers a detailed guide to the 5 main methodologies in use today, and a short summary is below.

Read the whole article on Toolbox.com

Checkmarx Announces Exclusive Partnership with TOYO Corporation

3 Aug 2016 | By

Checkmarx, a global leader in software application security, today announced it has entered into an exclusive agency partnership with TOYO, leader of the world's most advanced measurement instruments and systems, to offer Checkmarx’ flagship Static Application Security Testing tool “Checkmarx CxSAST” to TOYO customers as a security solution at the source code level. With Checkmarx CxSAST, TOYO will enable its customers to develop and implement secure code more effectively and mitigate security risks prevalent within IoT connected environments.

Checkmarx CxSAST, which specializes in detecting vulnerabilities in source codes and making it visible for developing secure applications, will be a critical component to software development sites around the world that rely on TOYO’s services across the entire system development process from modules to complex large-scale products.

“Since Checkmarx’ founding in 2006, our commitment is to enable organizations to detect and remediate security vulnerabilities within their software application. TOYO’s renowned services and measurement technology ties perfectly into our application security solutions, further extending our capabilities across the Software Development Lifecycle (SDLC),” said Emmanuel Benzaquen, CEO of Checkmarx. “Together, our combined strength and experience will enable our customers to better measure the security posture of their application code. We’re absolutely thrilled for this new partnership with TOYO, and together we will support businesses and developers building and deploying secure software.”

TOYO has considerable experience marketing support and software development tools for companies focused on developing embedded systems for enterprises. With the growth in IoT and FinTech, customers are now demanding new solutions for security and system vulnerabilities. TOYO will expand and reinforce its business by providing new services for these two key areas.

“With IoT and FinTech expanding, “Secure Coding,” the practice of developing software programs eliminating security vulnerabilities, has been gaining greater importance, along with the guarantee of software and application quality.

Checkmarx’ globally esteemed security static analysis tool “CxSAST” combined with our accumulated static analysis know-how for source code quality improvement will allow us to offer solutions for developing more secure, safer software and applications of higher quality.

We guarantee our customers in Japan that we will provide greater solutions and services through our strategic and firm partnership with Checkmarx,” said Mitsuru Onodera, Senior VP TOYO Corporation.

About TOYO
TOYO Corporation has been mainly providing state-of-the-art “measurement tools” importing from western vendors for Japanese researchers and developers, as its mission to contribute to the advancement of Japanese technologies with a keyword “Technology and Information” since the time of its founding in 1953. Technical abilities of our engineers accounting for 70% of all employees that are over 530 people back up the efforts, for instance, providing repair/calibration works, technical supports, in-house development at “TOYO Technical Center,” and holding all kinds of seminars for customers in “Technology Interface Center.”

 

Read the original release here.

Pokémon GO—Sacrificing Privacy to Catch ‘Em All?

27 Jul 2016 | By Jimmy H. Koo

Players of Pokémon GO, a wildly popular location-based augmented reality game, may be missing real life threats to their private information.

Pokémon GO creates several privacy and security concerns, particularly for children playing the game, including geolocation tracking, excessive collection of personal data and possible sale of such information to third parties, privacy and security professionals told Bloomberg BNA.

By collecting geolocation data, Niantic is able to “keep track of anyone, at any time, while they're playing the game or letting it run in the background,” Asaph Schulman, vice president of marketing at app security company Checkmarx Ltd. in Tel Aviv, told Bloomberg BNA. Additionally, Schulman said, the game's privacy policy allows Niantic to share aggregate information with third parties, “effectively giving them the right to sell users' geolocation data.”

Continue reading this article on Bloomberg BNA

5 ‘Mr. Robot’ Hacks That Could Happen in Real Life

20 Jul 2016 | By Sarah Vonnegut

Hollywood hacking films have given the job of hacker a sort of glamour, with their fast-fingered hacks taking over the world, while in picture perfect makeup. And the InfoSec community has hated every single second of them. But where other movies and shows (We’re looking at you, CSI:Cyber) take the hacking scenes way too liberally with no root in reality, one show has held up as a beacon of hope for how hacking can be realistically portrayed on the silver screen: Mr. Robot.

Although real-life security issues -- hackers finding XSS and blind SQLi vulnerabilities -- surrounded the premiere season last year, the show itself actively works to mimic real-life security and hacking scenarios. From accurate computer code, to the realism of using social engineering in getting the information needed for an attack, to the actual tools and slang the characters use, Mr. Robot has been mostly spot-on with the security stuff -- and the InfoSec community has sounded its approval.

Continue reading this article on DarkReading
