
In the News

The state of testing within application security

21 Oct 2016 | By Jordan Platt

Testing is an integral part of application security (AppSec), but according to the recent SANS State of Application Security report commissioned by Checkmarx, how organisations test is very diverse. The report identifies how organisations test, who is responsible for testing, what organisations are finding and how they are remediating those bugs and vulnerabilities. In this article, Amit Ashbel, cyber security evangelist at Checkmarx, delves into the findings and discusses how moving testing to a Secure Software Development Life Cycle is the best defence against today’s cyber attacker.

Read the full article on Software Testing News here.


Top Factors That Impact Application Performance 2016 – Part 4

17 Oct 2016 | By

APP DESIGN: SECURITY

I think application performance is a huge subject but with what the world of software is going through today a lot has to do with security. I believe that the ability to deliver applications which have been developed with security in mind from the start will have a significant impact on the final delivery. An application which is developed with security in mind has less chance to expose user's personal data and therefore less chance of being taken down by the vendor. High programming quality is not only the speed but also the quality of the code and quality includes secure code.
Amit Ashbel
Cyber Security Evangelist, Checkmarx

Read the full article on APM Digest here.


7 ways DevOps benefits CISOs and their security programs

4 Oct 2016 | By Ryan Francis
DevOps can be beneficial

Organizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps.

Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money and time along the way.

Checkmarx explains why DevOps can end up being a major benefit to security.

Continue reading the article on CSO.


Yahoo to be sued over mega breach

27 Sep 2016 | By Max Metzger

Yahoo will be sued over the mega breach that was revealed last week. A resident of New York, Ronald Schwartz, filed the suit on Friday in a California court represented by law firms Robbins Geller Rudman as well as Dowd and Labaton Sucharow.

The suit states that if only Yahoo had been more serious about user privacy, then millions of the company's customers' personal data would not have been exposed. Instead, the claimants state, the company showed “reckless disregard for the security of its users' personal information”. The lawsuit says that Yahoo took three times as long as it should have to uncover the breach, which was initially performed in 2014.

As regulations are so often arcane and hard to follow, could civil litigation be a route to not only fair recompense for the victims of a breach, but a strict corrective to those who should have been better prepared?

This may “lead to more than just companies re-thinking their security strategy,” Amit Ashbel, cyber-security evangelist at Checkmarx told SC. “It will probably also create an industry demand for clear regulations and standards to not necessarily prevent such attacks but rather protect organisations from further legal actions following a breach.”

Read more on SC Magazine here


Securing code to fight cyber crime

27 Sep 2016 | By Cecilia Rehn

Amit Ashbel, Cyber Security Evangelist, Checkmarx, explains why automated application security testing is the first step in combating cyber crime.

The world is moving at an incredible pace. New technologies are regularly announced and whole ecosystems are developed around them, such as the internet of things (IoT). However, with these new developments come security risks to both businesses and consumers; hacking and cyber crime are now widely reported. The first step to combating these increased risks is to secure the application code in order to stop vulnerabilities at the root.

Read more on Software Testing News here


Checkmarx Announces AppSec Coach

19 Sep 2016 | By

Checkmarx announced availability of a new secure coding eLearning platform, called AppSec Coach, providing Checkmarx customers the ability to address one of the greatest challenges in the software industry when it comes to application security: finding an effective way to provide developers knowledge and skills to write secure code.

The new capability is a significant addition to the Checkmarx application security testing portfolio, which helps to sharpen the skills developers need to fix vulnerabilities and write secure code. This new add-on provides in-context, bite-sized secure coding training modules, available when and where the developer needs to fix the code. AppSec Coach, integrated within Checkmarx CxSAST source code analysis solutions, is the first of its kind for developer security education and the new offering strengthens the Checkmarx commitment to developer enablement.

Read the original release on Devops Digest


Checkmarx wants to help developers write more secure code

19 Sep 2016 | By Maria Deutscher

An organization’s security isn’t the responsibility of its IT department alone. Development teams need to be vigilant too and take measures to rid their software of vulnerabilities, a requirement that Checkmarx Ltd. wants to help address with the new training service that it unveiled this morning.

AppSec Coach, as the tool is called, provides a set of learning modules for the Israeli company’s widely-used CxSAST code analysis platform. It displays a blue tooltip icon whenever the latter system finds a security flaw that is covered by the built-in course material, and enables developers to instantly pull up the appropriate lesson if they want to find out how to avoid making the same mistake in the future.

Read more of the article on SiliconANGLE here


New products of the week 9.19.16

19 Sep 2016 | By Ryan Francis
AppSec Coach

Key features: AppSec Coach provides an education platform to train developers in the principles of application security and secure coding. Unlike other solutions, the AppSec Coach is used in the context of the developer’s work, when it is needed most.

Continue reading on Network World.

Promoting secure code from within: the gamification approach

19 Sep 2016 | By Amit Ashbel

By exposing developers to security as part of the coding process, they can learn more about creating secure code and so reduce the time needed for testing.

Recent research claims that a quarter of third party apps are high risk and although they're banned in some organisations, policing that ban is difficult. Third party apps, and especially open source ones, are great and play a very important role in today’s development practices; however, in order to ensure they are not putting your applications at risk, developers need to learn how to code securely.

Read more on ITProPortal


New products of the week 9.12.16

12 Sep 2016 | By Ryan Francis
CxSAST, Swift Programming Language Support

Key features: New Swift language support provides Checkmarx CxSAST users with the ability to identify and mitigate security, quality and compliance issues in their Swift code.

Read more on Network World here
