In the News

From download to deposit, mobile banking only as safe as your app

10 Aug 2016 | By Alyssa Oursler

Once upon a time, depositing a check required actually visiting a bank. Now, the same task can be as simple as taking out your smartphone, opening an app and snapping a picture. But as mobile banking increasingly replaces, or at least supplements, traditional banking, questions arise about the trade-offs between security and convenience.

The good news is that security experts tend to agree on some common, simple guidelines for more secure mobile banking.  First off, never download banking apps on a jailbroken device — one that's been modified to let users make changes and download apps not approved — because the operating system's security layer is no longer enforced, warns Amit Ashbel, a cybersecurity expert with Checkmarx. Similarly, apps should only be downloaded from a phone’s native app store. Android users especially should be wary of anything that requires third-party permissions.

Continue reading this article on USA Today

Once upon a time, depositing a check required actually visiting a bank. Now, the same task can be as simple as taking out your smartphone, opening an app and snapping a picture. But as mobile banking increasingly replaces, or at least supplements, traditional banking, questions arise about the trade-offs between security and convenience.

The good news is that security experts tend to agree on some common, simple guidelines for more secure mobile banking.  First off, never download banking apps on a jailbroken device — one that’s been modified to let users make changes and download apps not approved — because the operating system’s security layer is no longer enforced, warns Amit Ashbel, a cybersecurity expert with Checkmarx. Similarly, apps should only be downloaded from a phone’s native app store. Android users especially should be wary of anything that requires third-party permissions.

Continue reading this article on USA Today


</close>

AppSec for dummies: Protecting your organization from application layer security threats

5 Aug 2016 | By Pentago

I never thought it would happen to me. Unfortunately this kind of thinking applies to so many situations in day to day life. Having your phone stolen from your unlocked car in the ten seconds it took you to pay for gas. Losing two years’ worth of photos because you didn’t back up your personal computer.

As part of an organization, there is a high probability high impact risk you take every day with your applications’ security if you aren’t taking the proper application security precautions. In other words, a very bad thing is very likely to happen.

But how do you manage the seemingly many application security risks? Application security Checkmarx offers a detailed guide to the 5 main methodologies in use today, and a short summary is below.

Read the whole article on Toolbox.com

I never thought it would happen to me. Unfortunately this kind of thinking applies to so many situations in day to day life. Having your phone stolen from your unlocked car in the ten seconds it took you to pay for gas. Losing two years’ worth of photos because you didn’t back up your personal computer.

As part of an organization, there is a high probability high impact risk you take every day with your applications’ security if you aren’t taking the proper application security precautions. In other words, a very bad thing is very likely to happen.

But how do you manage the seemingly many application security risks? Application security Checkmarx offers a detailed guide to the 5 main methodologies in use today, and a short summary is below.

Read the whole article on Toolbox.com


</close>

Checkmarx Announces Exclusive Partnership with TOYO Corporation

3 Aug 2016 | By

Checkmarx, a global leader in software application security, today announced it has entered into an exclusive agency partnership with TOYO, leader of the world's most advanced measurement instruments and systems, to offer Checkmarx’ flagship Static Application Security Testing tool “Checkmarx CxSAST” to TOYO customers as a security solution at the source code level. With Checkmarx CxSAST, TOYO will enable its customers to develop and implement secure code more effectively and mitigate security risks prevalent within IoT connected environments.

Checkmarx CxSAST, which specializes in detecting vulnerabilities in source codes and making it visible for developing secure applications, will be a critical component to software development sites around the world that rely on TOYO’s services across the entire system development process from modules to complex large-scale products.

“Since Checkmarx' founding in 2006, our commitment is to enable organizations to detect and remediate security vulnerabilities within their software application. TOYO's renowned services and measurement technology ties perfectly into our application security solutions, further extending our capabilities across the Software Development Lifecycle (SDLC),” said Emmanuel Benzaquen, CEO of Checkmarx. “Together, our combined strength and experience will enable our customers to better measure the security posture of their application code. We’re absolutely thrilled for this new partnership with TOYO, and together we will support businesses and developers building and deploying secure software."

TOYO has considerable experience marketing support and software development tools for companies focused on developing embedded systems for enterprises. With the growth in IoT and FinTech, customers are now demanding new solutions for security and system vulnerabilities. TOYO will expand and reinforce its business by providing new services for these two key areas.

“With IoT and FinTech expanding, "Secure Coding," the practice of developing software programs eliminating security vulnerabilities, has been gaining greater importance, along with the guarantee of software and application quality.

Checkmarx' globally esteemed security static analysis tool "CxSAST" combined with our accumulated static analysis know-how for source code quality improvement will allow us to offer solutions for developing more secure, safer software and applications of higher quality.

We guarantee our customers in Japan that we will provide greater solutions and services through our strategic and firm partnership with Checkmarx," said Mitsuru Onodera, Senior VP TOYO Corporation.

About TOYO
TOYO Corporation has been mainly providing state-of-the-art “measurement tools” importing from western vendors for Japanese researchers and developers, as its mission to contribute to the advancement of Japanese technologies with a keyword “Technology and Information” since the time of its founding in 1953. Technical abilities of our engineers accounting for 70% of all employees that are over 530 people back up the efforts, for instance, providing repair/calibration works, technical supports, in-house development at “TOYO Technical Center," and holding all kinds of seminars for customers in “Technology Interface Center."

 

Read the original release here.

Checkmarx, a global leader in software application security, today announced it has entered into an exclusive agency partnership with TOYO, leader of the world’s most advanced measurement instruments and systems, to offer Checkmarx’ flagship Static Application Security Testing tool “Checkmarx CxSAST” to TOYO customers as a security solution at the source code level. With Checkmarx CxSAST, TOYO will enable its customers to develop and implement secure code more effectively and mitigate security risks prevalent within IoT connected environments.

Checkmarx CxSAST, which specializes in detecting vulnerabilities in source codes and making it visible for developing secure applications, will be a critical component to software development sites around the world that rely on TOYO’s services across the entire system development process from modules to complex large-scale products.

“Since Checkmarx’ founding in 2006, our commitment is to enable organizations to detect and remediate security vulnerabilities within their software application. TOYO’s renowned services and measurement technology ties perfectly into our application security solutions, further extending our capabilities across the Software Development Lifecycle (SDLC),” said Emmanuel Benzaquen, CEO of Checkmarx. “Together, our combined strength and experience will enable our customers to better measure the security posture of their application code. We’re absolutely thrilled for this new partnership with TOYO, and together we will support businesses and developers building and deploying secure software.”

TOYO has considerable experience marketing support and software development tools for companies focused on developing embedded systems for enterprises. With the growth in IoT and FinTech, customers are now demanding new solutions for security and system vulnerabilities. TOYO will expand and reinforce its business by providing new services for these two key areas.

“With IoT and FinTech expanding, “Secure Coding,” the practice of developing software programs eliminating security vulnerabilities, has been gaining greater importance, along with the guarantee of software and application quality.

Checkmarx’ globally esteemed security static analysis tool “CxSAST” combined with our accumulated static analysis know-how for source code quality improvement will allow us to offer solutions for developing more secure, safer software and applications of higher quality.

We guarantee our customers in Japan that we will provide greater solutions and services through our strategic and firm partnership with Checkmarx,” said Mitsuru Onodera, Senior VP TOYO Corporation.

About TOYO
TOYO Corporation has been mainly providing state-of-the-art “measurement tools” importing from western vendors for Japanese researchers and developers, as its mission to contribute to the advancement of Japanese technologies with a keyword “Technology and Information” since the time of its founding in 1953. Technical abilities of our engineers accounting for 70% of all employees that are over 530 people back up the efforts, for instance, providing repair/calibration works, technical supports, in-house development at “TOYO Technical Center,” and holding all kinds of seminars for customers in “Technology Interface Center.”

 

Read the original release here.


</close>

Pokémon GO—Sacrificing Privacy to Catch ‘Em All?

27 Jul 2016 | By Jimmy H. Koo

Players of Pokémon GO, a wildly popular location-based augmented reality game, may be missing real life threats to their private information.

Pokémon GO creates several privacy and security concerns, particularly for children playing the game, including geolocation tracking, excessive collection of personal data and possible sale of such information to third parties, privacy and security professionals told Bloomberg BNA.

By collecting geolocation data, Niantic is able to “keep track of anyone, at any time, while they're playing the game or letting it run in the background,” Asaph Schulman, vice president of marketing at app security company Checkmarx Ltd. in Tel Aviv, told Bloomberg BNA. Additionally, Schulman said, the game's privacy policy allows Niantic to share aggregate information with third parties, “effectively giving them the right to sell users' geolocation data.”

Continue reading this article on Bloomberg BNA

Players of Pokémon GO, a wildly popular location-based augmented reality game, may be missing real life threats to their private information.

Pokémon GO creates several privacy and security concerns, particularly for children playing the game, including geolocation tracking, excessive collection of personal data and possible sale of such information to third parties, privacy and security professionals told Bloomberg BNA.

By collecting geolocation data, Niantic is able to “keep track of anyone, at any time, while they’re playing the game or letting it run in the background,” Asaph Schulman, vice president of marketing at app security company Checkmarx Ltd. in Tel Aviv, told Bloomberg BNA. Additionally, Schulman said, the game’s privacy policy allows Niantic to share aggregate information with third parties, “effectively giving them the right to sell users’ geolocation data.”

Continue reading this article on Bloomberg BNA


</close>

5 ‘Mr. Robot’ Hacks That Could Happen in Real Life

20 Jul 2016 | By Sarah Vonnegut

Hollywood hacking films have given the job of hacker a sort of glamour, with their fast-fingered hacks taking over the world, while in picture perfect makeup. And the InfoSec community has hated every single second of them.  But where other movies and shows  (We’re looking at you, CSI:Cyber) take the hacking scenes way too liberally with no root in reality, one show has held up as a beacon of hope for how hacking can be realistically portrayed on the silver screen: Mr. Robot.

Although real-life security issues -- hackers finding XSS and blind SQLi vulnerabilities -- surrounded the premier season last year, the show itself actively works to mimic real-life security and hacking scenarios. From accurate computer code, to the realism of using social engineering in getting the information needed for an attack, to the actual tools and slang the characters use, Mr. Robot has been mostly spot-on with the security stuff -- and the InfoSec community has sounded its approval.

Continue reading this article on DarkReading

Hollywood hacking films have given the job of hacker a sort of glamour, with their fast-fingered hacks taking over the world, while in picture perfect makeup. And the InfoSec community has hated every single second of them.  But where other movies and shows  (We’re looking at you, CSI:Cyber) take the hacking scenes way too liberally with no root in reality, one show has held up as a beacon of hope for how hacking can be realistically portrayed on the silver screen: Mr. Robot.

Although real-life security issues — hackers finding XSS and blind SQLi vulnerabilities — surrounded the premier season last year, the show itself actively works to mimic real-life security and hacking scenarios. From accurate computer code, to the realism of using social engineering in getting the information needed for an attack, to the actual tools and slang the characters use, Mr. Robot has been mostly spot-on with the security stuff — and the InfoSec community has sounded its approval.

Continue reading this article on DarkReading


</close>

Sports Companies Are Now Facing Security Issues Of Tech Companies

19 Jul 2016 | By Solomon David

When asked about Super Bowl XLI, most casual fans will remember the rain soaked classic in Miami that featured Peyton Manning leading the Indianapolis Colts to his first championship. But for those in the cyber-security industry, the game stood out for another, less-publicized reason.

Just days before kickoff, some of the Dolphins’ websites were found to be compromised by malware and were infecting users’ devices as well. Given the timing of the attack, the websites were receiving heavy traffic prior to the Super Bowl. The solution proved to be costly both in terms of time and dollars. Amit Ashbel is the Director of Product Marketing at Checkmarx, a company that seeks to help implement security features at the earliest stages of software development. We spoke to Ashbel about how the company, founded in 2006 shortly before the Dolphins’ hack, is working with developers to ensure that hackers don’t have a way to attack their software in similar ways in today’s even more technologically advanced times.

“While the software industry has been dealing with security risks for a couple of decades already, these new players are not always addressing security properly at first, thus leaving a fertile attack surface for attackers,” Ashbel said, referring to the growth of apps and software in sports and sports media. “Protecting the code at the initial design stage is probably the largest advantage an organization has over the hacker (access to the code itself).”

Continue reading this article at SportTechie.com.

When asked about Super Bowl XLI, most casual fans will remember the rain soaked classic in Miami that featured Peyton Manning leading the Indianapolis Colts to his first championship. But for those in the cyber-security industry, the game stood out for another, less-publicized reason.

Just days before kickoff, some of the Dolphins’ websites were found to be compromised by malware and were infecting users’ devices as well. Given the timing of the attack, the websites were receiving heavy traffic prior to the Super Bowl. The solution proved to be costly both in terms of time and dollars. Amit Ashbel is the Director of Product Marketing at Checkmarx, a company that seeks to help implement security features at the earliest stages of software development. We spoke to Ashbel about how the company, founded in 2006 shortly before the Dolphins’ hack, is working with developers to ensure that hackers don’t have a way to attack their software in similar ways in today’s even more technologically advanced times.

“While the software industry has been dealing with security risks for a couple of decades already, these new players are not always addressing security properly at first, thus leaving a fertile attack surface for attackers,” Ashbel said, referring to the growth of apps and software in sports and sports media. “Protecting the code at the initial design stage is probably the largest advantage an organization has over the hacker (access to the code itself).”

Continue reading this article at SportTechie.com.


</close>

Securing Code to Fight Cyber Crime

19 Jul 2016 | By Amit Ashbel

The world is moving at an incredible pace. New technologies are regularly announced and whole ecosystems developed around them; such as the internet of things. However, with these new developments come security risks to both businesses and consumers; hacking and cyber crime are now widely reported.

The first step to combating these increased risks is to secure the application code in order to stop vulnerabilities at the root. Automated application security testing is a vital part of this - but how does automated testing work in practice and what are the benefits of an automated testing process for developers and businesses?

Continue reading this article in Test Magazine here (pages 40-41).

The world is moving at an incredible pace. New technologies are regularly announced and whole ecosystems developed around them; such as the internet of things. However, with these new developments come security risks to both businesses and consumers; hacking and cyber crime are now widely reported.

The first step to combating these increased risks is to secure the application code in order to stop vulnerabilities at the root. Automated application security testing is a vital part of this – but how does automated testing work in practice and what are the benefits of an automated testing process for developers and businesses?

Continue reading this article in Test Magazine here (pages 40-41).


</close>

Your website may be engaged in secret criminal activity

16 Jul 2016 | By Ben Dickson

Most of us think of website hacks as illicit activities aimed at siphoning critical information or disrupting the business of website owners. But what happens when your site becomes hacked, not for the purpose of harming you but rather to further the ends of other parties? Most likely, the attackers would manage to feed off your resources and reputation for months or years without being discovered, because it’s hard to take note of something that isn’t directly affecting you.

Source code flaws are at the heart of website hacks

Not all website-related hacks are carried out by compromising the server. Many of them use malvertising, a hacking technique that takes advantage of ad delivery networks and leverages vulnerabilities on client machines such as bugs in Adobe Flash and Microsoft Silverlight.

But where web servers are concerned, source code flaws are the main reason websites are compromised. “Today we see that a major number of attacks against websites are based on vulnerabilities which have not been properly addressed at the code level of the web application,” says Amit Ashbel, director of product marketing of cybersecurity firm Checkmarx.

While developers usually do test the code of their websites, it isn’t necessarily the security flaws they seek. “Unfortunately it is not always common practice to have developers identify and address the vulnerabilities just like they would address functionality bugs triggered by their code,” Ashbel elaborates.

Read the full article on TechCrunch.

Most of us think of website hacks as illicit activities aimed at siphoning critical information or disrupting the business of website owners. But what happens when your site becomes hacked, not for the purpose of harming you but rather to further the ends of other parties? Most likely, the attackers would manage to feed off your resources and reputation for months or years without being discovered, because it’s hard to take note of something that isn’t directly affecting you.

Source code flaws are at the heart of website hacks

Not all website-related hacks are carried out by compromising the server. Many of them use malvertising, a hacking technique that takes advantage of ad delivery networks and leverages vulnerabilities on client machines such as bugs in Adobe Flash and Microsoft Silverlight.

But where web servers are concerned, source code flaws are the main reason websites are compromised. “Today we see that a major number of attacks against websites are based on vulnerabilities which have not been properly addressed at the code level of the web application,” says Amit Ashbel, director of product marketing of cybersecurity firm Checkmarx.

While developers usually do test the code of their websites, it isn’t necessarily the security flaws they seek. “Unfortunately it is not always common practice to have developers identify and address the vulnerabilities just like they would address functionality bugs triggered by their code,” Ashbel elaborates.

Read the full article on TechCrunch.


</close>

The Real Threat Of Cyberterrorism

11 Jul 2016 | By Benjamin Stone

Cyberterrorism: just how real is the threat?

When confronted with the idea of cyberterrorism, much of the population would shrug. How much would a large scale disruption of computer networks or a malware attack on a government actually affect the average person’s life or livelihood? Is cyberterrorism really an imminent threat?

The issue lies with the terrorism part of the word. When compared to the al-Qaeda attack in Burkina Faso, the suicide bombings in Iraq, the Paris attacks, the Brussels bombings, the nightclub shooting in Orlando or any number of atrocities motivated by ideology the world over, cyberterrorism just doesn’t seem to rank. But the threats presented by cyberterrorism both present and future are real, and they’re certainly alarming.

As application security provider Checkmarx states, there is no one solution to guarding against cyberterrorism. With individuals, businesses, organizations, governments and beyond all needing protection against ideologically-motivated attacks and breaches, the scope is simply too huge. However, as Checkmarx also points out, secured websites, applications and infrastructure is rooted in secure application development that starts at the beginning of coding.

Even if you think your organization would never be a target of a cyberterrorism attack, take a lesson from all of the organizations that were affected by data breaches that ultimately landed their users on a list of ISIS targets. Your users are your responsibility, and whether you’re talking hackers or terrorists, it’s a responsibility that can’t be anything other than the highest priority.

Continue reading this article on Information Security Buzz.

Cyberterrorism: just how real is the threat?

When confronted with the idea of cyberterrorism, much of the population would shrug. How much would a large scale disruption of computer networks or a malware attack on a government actually affect the average person’s life or livelihood? Is cyberterrorism really an imminent threat?

The issue lies with the terrorism part of the word. When compared to the al-Qaeda attack in Burkina Faso, the suicide bombings in Iraq, the Paris attacks, the Brussels bombings, the nightclub shooting in Orlando or any number of atrocities motivated by ideology the world over, cyberterrorism just doesn’t seem to rank. But the threats presented by cyberterrorism both present and future are real, and they’re certainly alarming.

As application security provider Checkmarx states, there is no one solution to guarding against cyberterrorism. With individuals, businesses, organizations, governments and beyond all needing protection against ideologically-motivated attacks and breaches, the scope is simply too huge. However, as Checkmarx also points out, secured websites, applications and infrastructure is rooted in secure application development that starts at the beginning of coding.

Even if you think your organization would never be a target of a cyberterrorism attack, take a lesson from all of the organizations that were affected by data breaches that ultimately landed their users on a list of ISIS targets. Your users are your responsibility, and whether you’re talking hackers or terrorists, it’s a responsibility that can’t be anything other than the highest priority.

Continue reading this article on Information Security Buzz.


</close>

Checkmarx and Tantallon help UK financial services institution secure application transition to public cloud

7 Jul 2016 | By Emmanuelle Lamandé

Checkmarx announced that together with its partner Tantallon are working with a major UK financial services group to create a new type of ‘belt and braces’ approach to securing and deploying its applications into the Amazon Web Services cloud.

The customer, a top 3 UK financial institution with assets in excess of £800 billion has made a strategic decision to improve the agility of its software development cycle through the use of web scale architecture and rapid provisioning offered by AWS. However, with a preference to keep all code within the organisation’s own data centres, it was felt that additional security measures were required to protect critical applications moving from the organisation into AWS.

The institution has been working with Tantallon, an independent cyber security consulting firm that provides advisory, implementation and managed services to Fortune 1000 clients and government organisations on a global basis.

As Steve Street, Managing Director for Tantallon explains, “We looked at a number of options, but Checkmarx was the only solution suited to this project as it meets the typical requirement from the financial services sector that no proprietary code should leave an institution’s premises for inspection, while still offering the capability of enforcing and automating code scanning, prior to release to a given Public Cloud.”

The first part of the two stage project has already helped the institution successfully deploy a fully integrated Checkmarx CxSAST static code analysis on-site solution as part of secure Software Development Lifecycle transition, which is scanning millions of lines of code each week. Stage two takes this technology and places a version in AWS offering an equivalent system that automates the scanning process as a last step for apps before making their way to the cloud.

Checkmarx CxSAST is a powerful source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code. Without needing to build or compile a software project’s source code, CxSAST builds a logical graph of the code’s elements and flows which is examined for issues such as security vulnerabilities, compliance issues, and business logic problems. CxSAST comes with an extensive list of hundreds of pre-configured queries for known security vulnerabilities for each programming language including Java, PHP, Scripting languages, like Java Script, and also .NET technologies (C#, vb.Net). Additionally, Checkmarx is scanning mobile platforms such as Android, iOS and windows mobile.

CxSAST provides scan results to the customer as either static reports or in an interactive interface that enables tracking of runtime behaviour per vulnerability through the code, and provides tools and guidelines for remediation. Results can be customised to eliminate false positives, and various types of workflow metadata can be added to each result instance which can be used for subsequent scans to further increase performance.

“Checkmarx has the additional benefit of offering both proprietary and open source code analysis,” explains Street, “along with industry leading support for widest number of languages and deployment methods which is essential as the organisation explores a number of innovative new applications built using the latest development languages.”
The project is part of a wider move to adopt the cloud across the UK Financial services sector as regulatory and compliance hurdles have been overcome through clarification and agreement with the FCA. “The typical application development cycle within financial services has traditionally been sluggish as development teams struggle to navigate through the complexities of the internal processes across disparate systems and networks while adhering to both internal and regulatory guidelines. This project has the potential to help the institution become more agile in its development lifecycle, while strengthening security across the board.” The onsite phase is already deployed while the AWS portion of the project, which will automate much of the development workflow is now underway with more details to follow at a later date.

Checkmarx announced that together with its partner Tantallon are working with a major UK financial services group to create a new type of ‘belt and braces’ approach to securing and deploying its applications into the Amazon Web Services cloud.

The customer, a top 3 UK financial institution with assets in excess of £800 billion has made a strategic decision to improve the agility of its software development cycle through the use of web scale architecture and rapid provisioning offered by AWS. However, with a preference to keep all code within the organisation’s own data centres, it was felt that additional security measures were required to protect critical applications moving from the organisation into AWS.

The institution has been working with Tantallon, an independent cyber security consulting firm that provides advisory, implementation and managed services to Fortune 1000 clients and government organisations on a global basis.

As Steve Street, Managing Director for Tantallon explains, “We looked at a number of options, but Checkmarx was the only solution suited to this project as it meets the typical requirement from the financial services sector that no proprietary code should leave an institution’s premises for inspection, while still offering the capability of enforcing and automating code scanning, prior to release to a given Public Cloud.”

The first part of the two stage project has already helped the institution successfully deploy a fully integrated Checkmarx CxSAST static code analysis on-site solution as part of secure Software Development Lifecycle transition, which is scanning millions of lines of code each week. Stage two takes this technology and places a version in AWS offering an equivalent system that automates the scanning process as a last step for apps before making their way to the cloud.

Checkmarx CxSAST is a powerful source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code. Without needing to build or compile a software project’s source code, CxSAST builds a logical graph of the code’s elements and flows which is examined for issues such as security vulnerabilities, compliance issues, and business logic problems. CxSAST comes with an extensive list of hundreds of pre-configured queries for known security vulnerabilities for each programming language including Java, PHP, Scripting languages, like Java Script, and also .NET technologies (C#, vb.Net). Additionally, Checkmarx is scanning mobile platforms such as Android, iOS and windows mobile.

CxSAST provides scan results to the customer as either static reports or in an interactive interface that enables tracking of runtime behaviour per vulnerability through the code, and provides tools and guidelines for remediation. Results can be customised to eliminate false positives, and various types of workflow metadata can be added to each result instance which can be used for subsequent scans to further increase performance.

“Checkmarx has the additional benefit of offering both proprietary and open source code analysis,” explains Street, “along with industry leading support for widest number of languages and deployment methods which is essential as the organisation explores a number of innovative new applications built using the latest development languages.”
The project is part of a wider move to adopt the cloud across the UK Financial services sector as regulatory and compliance hurdles have been overcome through clarification and agreement with the FCA. “The typical application development cycle within financial services has traditionally been sluggish as development teams struggle to navigate through the complexities of the internal processes across disparate systems and networks while adhering to both internal and regulatory guidelines. This project has the potential to help the institution become more agile in its development lifecycle, while strengthening security across the board.” The onsite phase is already deployed while the AWS portion of the project, which will automate much of the development workflow is now underway with more details to follow at a later date.


</close>