In the News

The unsung achiever: Pakistani tops lists of ethical hackers of 2014

3 Jan 2015 | By Farooq Baloch

The world’s leading information security publications have featured Pakistani security researcher, Rafay Baloch, as one of the top ethical hackers in 2014, putting the 21-year-old Karachiite on top of their lists, The Express Tribune learnt on Thursday.

“Ethical hacking, which makes the information world more secure, is one way we [Pakistanis] can change our country’s negative perception in the world,” said Baloch.

Checkmarx, a source code analysis company based out of Tel Aviv, Israel, recognized Baloch as one of the world’s top five ethical hackers who made the headlines in 2014 for exposing a serious vulnerability – a Same-Origin Policy (SOP) bypass – in Android’s Open Source Platform browser (versions older than 4.4).

The recognition comes from a company that has, arguably, the best tool for Static Application Security Testing. Checkmarx was ranked number one for static analysis in “Critical Capabilities for Application Security Testing”, a 2014 report by the world’s leading information technology research and advisory company, Gartner.

Read the rest of this article here.


Checkmarx Ranked #1 for “Static Analysis Product” in Gartner’s 2014 Critical Capabilities for Application Security Testing Report

30 Dec 2014 | By Asaph Schulman

TEL AVIV, Israel, Dec 30, 2014 (BUSINESS WIRE) -- Checkmarx, web and mobile Application Security Testing (AST) solutions provider, was positioned as a Leader in The Forrester Wave™: Application Security, Q4 2014.

Forrester Research, Inc. invited 12 AST solution providers to participate and rated the providers based on 82 specific criteria within their current offerings, strategies, and market presence. The report offers a comprehensive assessment of each vendor for security and risk professionals. In Forrester’s evaluation, Checkmarx received among the highest scores for Customer References, Corporate Strategy and Developer Education and Training.

“Checkmarx’s solution has strong functional capabilities in deployment, concurrent use, scanning automation, configurable rules and scans, target scanning, and multiple user report,” the report noted. “The Checkmarx offering has strong static analysis levels around source code scanning, varied language and framework support, analysis levels, and custom static analysis rules.”

Read the rest of the release here.


The Business Value of Partial Code Scanning

29 Dec 2014 | By Kevin Beaver

It’s kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we tend to want to wait until everything’s perfect (and way more costly) before we get started. This reminds me of the Mark Victor Hansen quote:

“Don’t wait until everything is just right. It will never be perfect. There will always be challenges, obstacles and less than perfect conditions. So what. Get started now. With each step you take, you will grow stronger and stronger, more and more skilled, more and more self-confident and more and more successful.”

I wrote this article in conjunction with the nice folks at Checkmarx who happen to produce the best static source code analysis tool I’ve used…especially given its price compared to the competition – it’s not even in the same galaxy as some of the others out there. Definitely worth checking out.

Check out Kevin's blog for more.


8 Cybersecurity Resolutions to Make for 2015

8 Dec 2014 | By Nicole Fallon

It seems that 2014 was the year of data breaches in the business world. Target, Home Depot, AT&T, JP Morgan, eBay, P.F. Chang’s and other high-profile brands all fell victim to cybercriminals, compromising both the companies’ reputations and their customers’ information.

1. Secure your mobile apps

You know you need to protect your business’s website and payment system, but what about your mobile app? If you’ve created an app for your customers to use, it may not be as secure as you think.

“Mobile apps serve as a portal to your business’ system as well as your customers’ phones,” said Asaph Schulman, vice president of marketing at Web and mobile-app security solutions provider Checkmarx. “Making sure your app is secured before releasing it to the public will keep you and your customers happy and safe. Don’t assume that your Web developer will consider security as part of their brief, unless you insist on it.”

Read the whole article at Business News Daily.


5 Ways Outsourcing App Development Security Will Help You Cut Costs

12 Nov 2014 | By Shirley Ben-Dak

IT managers today are faced with many tasks and not enough time to complete them all. While these individuals are primarily tasked with ensuring that their top developers efficiently write code lines, they are also often regarded as the responsible parent in charge of maintaining application security. Given that web applications often entail the transfer of secure information, regulatory requirements are generally the norm. As such, identifying vulnerabilities and company weak spots shouldn’t and can’t be overlooked.

Knowing this, should code security protocols fall under the job description of your headphones-friendly web developer? Below are 5 ways outsourcing app development security will help you cut costs both now and in the future.

Continue reading this article at Nimble.com


Citizen Developers Will Ruin Software, Discuss

30 Sep 2014 | By Forbes

Our use of the term ‘citizen’ has evolved. It has transmogrified from its original context pertaining to: any native or naturalized member of a state or nation who owes allegiance to its government. Today then, citizen means: a consumer-level or non-specialist participant who engages in the formal activities of an established profession. The citizen (insert job title) will typically carry out his or her actions and then subsequently post the results on social networks and various Internet-based forums.

The problem, encapsulated

Here’s the problem in a nutshell. Ask a citizen developer if they think citizen programming is a good thing and they will say yes. Ask a developer and they will say no. Ask a software testing and management company and they will say yes, but only if the software is tested and managed and controlled. Ask a cloud development company and they will say yes, but only if the resulting software is compartmentalized, virtualized away and containerized appropriately. Ask a security-aware code analysis company and they will say yes, but security measures need to be baked into the development process itself so that security checks are not left to the final stage, when there is often additional pressure to complete the project in time for deadlines.

Read the full article at Forbes.


Web Security Tools that Take the Pressure Off Web Designers

25 Sep 2014 | By Peter Lee

Designers can take an idea and turn it into a masterpiece of user interactivity, and because of their competence in all things aesthetic and interface, they’re often asked to undergo tasks that, honestly, should not fall on their shoulders. Yet, they still trudge along in the noble effort to retain clients. One of the worst types of encounters they are faced with comes in the form of web security, which is about as close to web design as a beanie is to jogging shoes. Sure, they’ll get used by the same person, but their origins are wildly different.

In many cases, designers will reach out through channels like Craigslist to find one-off programmers and “security experts” but often end up short in terms of accountability or assurance. But, for those who want to come out of the task looking like an internet champion, there are some security tools available that will not only get the work completed, but they will help keep a website or web app safe for as long as required.

Checkmarx

As a web security service, Checkmarx is one of those end-all, be-all products that will cover anything. Their tools not only cover everything from the OWASP top 10 and SANS list of known security breaches, but they have some killer services that a designer can use to significant effect. As far as these are concerned, the best comes in the form of software code analysis that checks web applications for vulnerabilities and can even deploy fixes for these security holes.

They go far beyond just that, though, and are a trusted enough resource that their clientele includes behemoths like the federal government and Deutsche Telekom (The company behind T-Mobile). Their ability to find system vulnerabilities as well as offering access to an abundance of tools to fix any issues make Checkmarx unbeatable in the realm of security.

Read the original article on TechSheer


Checkmarx Named Fastest Growing Security Company in Israel

23 Sep 2014 | By Sharon Solomon

Checkmarx, a leading developer of static code analysis solutions which identify software security vulnerabilities, has been ranked the #1 fastest growing security company in the Israel Deloitte Technology Fast 50 for 2014 – one of Israel’s foremost technology awards. Checkmarx’s outstanding 1286% growth rate over the last five years positions the company as the 15th fastest growing technology company overall in Israel.

The awards recognize extraordinary growth driven by technology innovation. To determine the fastest growing companies, Deloitte reviewed fiscal year revenues over five years (2010-2014) then calculated and compared the revenue growth percentages. As part of the award, Checkmarx is automatically entered into the Deloitte Technology Fast 500 EMEA: a ranking of the 500 fastest-growing technology companies in Europe, the Middle East and Africa over the last five years.

Checkmarx is a creator of software solutions that secure mobile and web applications during the development process. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.

“We are thrilled to be ranked as the fastest growing security company in Israel,” said Asaph Schulman, VP Marketing at Checkmarx. “Being ranked as a Fast 50 Company is the result of many years of hard work and innovation by our team, and is a testament to the impact of Checkmarx’s technology. It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people.”

“As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk,” he continued.

“Achieving sustained revenue growth of 1286% over five years is a fantastic achievement for a technology company operating in a competitive global economy,” said Tal Chen, partner in charge of the Deloitte Brightman Almagor Zohar Israel Technology Fast 50 Program. “Checkmarx deserves great recognition for its outstanding growth, and we congratulate them for it.”

About Checkmarx:

Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army.

 


Former HP Executive Joins Checkmarx

11 Sep 2014 | By Sharon Solomon

Ron Kormanek, former Hewlett Packard executive, to serve as VP Sales, North America for Checkmarx – a Leading Application Security Solution Provider

Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP of Sales for North America. Ron formerly held the position as VP of Sales for Eastern United States for Hewlett-Packard Enterprise Security Products Group, which included responsibility for HP Fortify, a major competitor to Checkmarx.

“With his vast experience in the application security testing sector, Ron is the ideal candidate to manage the exponential growth we are experiencing in the North American market,” said Emmanuel Benzaquen, CEO of Checkmarx. “With his help, Checkmarx will continue displacing the established leaders in the field of application security and bring our disruptive technology to even more customers across different industries.”

Checkmarx is a provider of SAST software solutions that cover a broad variety of programming languages, securing mobile and web applications from the very beginning of the development. Checkmarx’s technology provides maximum application security for software developers and security experts throughout the software development life cycle (SDLC), in both on premise and on demand models. Recently named as the leading Challenger in the Application Security Testing Magic Quadrant by Gartner, Checkmarx is taking further strides to strengthen the company’s presence globally, and in North America in particular.

Ron brings to Checkmarx over 20 years of experience in the security industry. Prior to joining Checkmarx, Ron worked at Hewlett-Packard for nine years, most recently as VP of Sales in the Enterprise Security Products Division. Prior to HP he held several senior sales positions at McAfee and Ameritech.

“I am delighted to be joining such an innovative and dynamic company as Checkmarx. Its innovative solutions and vision for the future of application security testing highlight why Checkmarx is quickly becoming a leader in the market,” noted the new VP, Ron Kormanek. “The increased reliance on web and mobile applications and their dependency on sensitive consumer information will lead to a demand for excellent and trustworthy application security solutions, and Checkmarx is ideally positioned to meet the challenge.”


How To Future-Proof Security For Your Next App Development Project

4 Sep 2014 | By Shirley Ben-Dak

IT managers must be exhausted. After all, they are well aware of the difficulty in hiring and managing employees to create secure applications, while also focusing on feature design, implementation and testing. These are mammoth tasks that can easily drive costs as well as deter the focus of developers primarily tasked with writing code.

With hundreds of rigorous security regulations set by various countries worldwide, it has become increasingly necessary to find comprehensive solutions to security source code problems. Thankfully, some of these service providers offer user-friendly browser plugins and simple ‘attach code and wait’ frameworks that reveal security threats upon a quick scan of the application’s source code.

Checkmarx is an example of a leading company that has developed precise tools for testing and analyzing code (while supporting a variety of programming languages) to identify invasive security issues. These and similar technologies essentially allow IT managers to reduce both the costs associated with maintaining security professionals as well as those potentially resulting from a failure to adequately address those threats.

With these and other fast-growing providers helping clients future-proof app development security, coders can reduce or eliminate time spent on handling security checking and concentrate their efforts on writing great code.

Read the original article on the SAP Business Innovation Blog.

