Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

In the News

Top Factors That Impact Application Performance 2016 – Part 4

17 Oct 2016 | By

APP DESIGN: SECURITY

I think application performance is a huge subject, but with what the world of software is going through today, a lot has to do with security. I believe that the ability to deliver applications which have been developed with security in mind from the start will have a significant impact on the final delivery. An application which is developed with security in mind has less chance to expose users' personal data and therefore less chance of being taken down by the vendor. High programming quality is not only the speed but also the quality of the code, and quality includes secure code.
Amit Ashbel
Cyber Security Evangelist, Checkmarx

Read the full article on APM Digest here.

7 ways DevOps benefits CISOs and their security programs

4 Oct 2016 | By Ryan Francis
DevOps can be beneficial

Organizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps.

Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money and time along the way.

Checkmarx explains why DevOps can end up being a major benefit to security.

 

Continue reading the article on CSO.

Yahoo to be sued over mega breach

27 Sep 2016 | By Max Metzger

Yahoo will be sued over the mega breach that was revealed last week. A resident of New York, Ronald Schwartz, filed the suit on Friday in a California court represented by law firms Robbins Geller Rudman as well as Dowd and Labaton Sucharow.

The suit states that if only Yahoo had been more serious about user privacy, then millions of the company's customers' personal data would not have been exposed. Instead, the claimants state, the company showed “reckless disregard for the security of its users' personal information”. The lawsuit says that Yahoo took three times as long as it should have to uncover the breach, which was initially performed in 2014.

As regulations are so often arcane and hard to follow, could civil litigation be a route to not only fair recompense for the victims of a breach, but a strict corrective to those who should have been better prepared?

This may “lead to more than just companies re-thinking their security strategy,” Amit Ashbel, cyber-security evangelist at Checkmarx, told SC. “It will probably also create an industry demand for clear regulations and standards to not necessarily prevent such attacks but rather protect organisations from further legal actions following a breach.”

 

Read more on SC Magazine here

Securing code to fight cyber crime

27 Sep 2016 | By Cecilia Rehn

Amit Ashbel, Cyber Security Evangelist, Checkmarx, explains why automated application security testing is the first step in combating cyber crime.

The world is moving at an incredible pace. New technologies are regularly announced and whole ecosystems developed around them, such as the internet of things (IoT). However, with these new developments come security risks to both businesses and consumers; hacking and cyber crime are now widely reported. The first step to combating these increased risks is to secure the application code in order to stop vulnerabilities at the root.

 

Read more on Software Testing News here

Checkmarx Announces AppSec Coach

19 Sep 2016 | By

Checkmarx announced availability of a new secure coding eLearning platform, called AppSec Coach, providing Checkmarx customers the ability to address one of the greatest challenges in the software industry when it comes to application security: finding an effective way to provide developers with the knowledge and skills to write secure code.

The new capability is a significant addition to the Checkmarx application security testing portfolio, which helps to sharpen the skills developers need to fix vulnerabilities and write secure code. This new add-on provides in-context, bite-sized secure coding training modules, available when and where the developer needs to fix the code. AppSec Coach, integrated within Checkmarx CxSAST source code analysis solutions, is the first of its kind for developer security education and the new offering strengthens the Checkmarx commitment to developer enablement.

 

 

Read the original release on Devops Digest

Checkmarx wants to help developers write more secure code

19 Sep 2016 | By Maria Deutscher

An organization’s security isn’t the responsibility of its IT department alone. Development teams need to be vigilant too and take measures to rid their software of vulnerabilities, a requirement that Checkmarx Ltd. wants to help address with the new training service that it unveiled this morning.

AppSec Coach, as the tool is called, provides a set of learning modules for the Israeli company’s widely-used CxSAST code analysis platform. It displays a blue tooltip icon whenever the latter system finds a security flaw that is covered by the built-in course material, and enables developers to instantly pull up the appropriate lesson if they want to find out how to avoid making the same mistake in the future.

Read more of the article on SiliconANGLE here

New products of the week 9.19.16

19 Sep 2016 | By Ryan Francis
AppSec Coach

Key features: AppSec Coach provides an education platform to train developers in the principles of application security and secure coding. Unlike other solutions, the AppSec Coach is used in the context of the developer’s work, when it is needed most. More info.

Continue reading on Network World.

Promoting secure code from within: the gamification approach

19 Sep 2016 | By Amit Ashbel

By exposing developers to security as part of the coding process, they can learn more about creating secure code and so reduce the time needed for testing.

Recent research claims that a quarter of third-party apps are high risk and, although they're banned in some organisations, policing that ban is difficult. Third-party apps, and especially open source ones, are great and play a very important role in today’s development practices. However, in order to ensure they are not putting your applications at risk, developers need to learn how to code securely.

 

Read more on ITProPortal

New products of the week 9.12.16

12 Sep 2016 | By Ryan Francis
CxSAST, Swift Programming Language Support

Key features: New Swift language support provides Checkmarx CxSAST users with the ability to identify and mitigate security, quality and compliance issues in their Swift code. More info.

Read more on Network World here

Checkmarx Announces Support For Swift Programming Language Vulnerability Detection And Remediation

7 Sep 2016 | By Checkmarx

Checkmarx, a global leader in application security testing, today announced Swift language support, providing Checkmarx users with the ability to identify and mitigate security, quality and compliance issues in their Swift code before it reaches production. The new capability adds Swift to the growing list of supported languages that can be scanned for vulnerabilities and compliance issues by Checkmarx’s Source Code Analysis solution, CxSAST.

Swift, one of the fastest growing programming languages in history, is being increasingly adopted by organizations across all verticals. Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now considering implementing Swift as a “first class” language for Android; Facebook and Uber are exploring ways to make Swift more central to their operations; and IBM, Lyft, Firefox, LinkedIn and others have adopted Swift into their projects. With Swift now available to the open source community, there is little doubt that its uptake will grow even more significantly. Considering its meteoric rise in popularity, and the increasing amount of sensitive personal data contained within Swift applications, there is an urgent need to ensure that all projects written in Swift are properly scanned for security, quality and compliance issues.

Checkmarx scans Swift code for a wide range of potential vulnerabilities including high-level security threats such as SQL injections (SQLi), reflected XSS, buffer overflows, stored XSS and others.

Adding to the extensive list of 20 programming languages already supported by Checkmarx’s CxSAST, the addition of Swift support complements Checkmarx’s superior support for iOS and OS X applications. Checkmarx’s programming language support is operating system agnostic, which serves as a significant advantage for iOS and Swift development shops that can maintain their code security levels even upon new iOS version releases.

“Checkmarx is committed to keeping up with the most advanced development technologies,” says Checkmarx VP of Products Nir Livni. “Many of our customers already use Checkmarx’s CxSAST to deliver secure mobile applications and Swift language support is part of this coverage. Swift is quickly becoming the most popular mobile development language and I am glad we are able to help our customers introduce new mobile applications while ensuring they are secure.”

Read the original release on BusinessWire.
