In the News

Application Security Taking Center Stage for Retailers

20 Aug 2014 | By Asaph Schulman

The interconnectedness and rapid development of mobile technology are revolutionizing the consumer market. Retailers now rely on fully computerized mechanisms driven by complex applications to bring their products to the mobile market. This has introduced serious security flaws into the ecosystem that can harm customers and financial giants and jeopardize entire retail chains. Hackers have increasingly exploited these vulnerabilities in insecure web applications using tools that can easily be found online, resulting in numerous high-profile breaches.

In the past year, serious breaches impacting multinational corporations called into question retail software security. The most impactful of these attacks, sustained by Target late last year, was due to a third-party application that was integrated into Target’s system without being properly screened. Over 70 million customer records with names and email addresses were stolen from point-of-sale stations, and about 2 million credit cards were stolen and resold on the black market. Similar attacks struck retail giant Neiman Marcus and popular restaurant chain PF Chang’s, leading to unauthorized credit card activity and consumer data theft.

Five Ways Retailers Can Secure Applications
1. Implement safe coding practices. While requiring special training for developers and security staff, these practices eventually save an organization time and resources. Safe coding includes using tested code for common tasks, implementing task-specific integrated APIs for various system tasks and denying simultaneous access to shared resources.

2. Create a secure software development life cycle (SDLC). The task of securing retail applications can be completed successfully only by developing them in a secure SDLC. With testing tools (e.g., Source Code Analysis) integrated into the development stages, vulnerabilities can be eradicated early. This is a cost-effective and resource-friendly strategy.

3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can provide hackers with loopholes and vulnerabilities that may bring an entire system down. It’s highly recommended to create a list of guiding security principles for new projects. Maintaining a list of recommended software frameworks and components can also help developers and security staff alike.

4. Pick whitelisting over blacklisting and use prepared statements. Use whitelist validation on user input by defining the requests the application allows. This will help sift out malicious input that can exploit underlying vulnerabilities and loopholes. Also, using prepared statements for web application database queries can significantly reduce the risk of SQL injection attacks.

5. Eliminate Secure Sockets Layer (SSL) vulnerabilities. The SSL protocol ensures the encryption of communications in the application layer. SSL-compliant POS applications use a server certificate to authenticate the server and ensure safe data communication. Applications can face serious security issues when using outdated or misconfigured SSL versions.
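Item 4 in practice, as an added example that is not part of the original article: a product search where the search term is bound through a prepared statement and the sort option, which cannot be bound as a parameter, is checked against a whitelist. The catalogue table, its column names, the sample rows and the function names are all constructed for illustration.

```python
import sqlite3

# Constructed sample catalogue; table and column names are hypothetical.
SAMPLE_ROWS = [
    (1, "Espresso Machine", 249.00, 1),
    (2, "Coffee Grinder", 89.50, 1),
    (3, "Staff Discount Voucher", 0.00, 0),  # public = 0: must never be listed
]

# Whitelist: the only sort options the application accepts, mapped to fixed SQL.
SORT_COLUMNS = {"name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
MAX_TERM_LENGTH = 64


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products "
        "(id INTEGER PRIMARY KEY, name TEXT, price REAL, public INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_unsafe(conn, term):
    """'Before' version: user input is concatenated into the SQL text,
    so quote characters in the term change the structure of the query."""
    sql = (
        "SELECT name FROM products "
        "WHERE public = 1 AND name LIKE '%" + term + "%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term, sort="name", direction="asc"):
    """'After' version: whitelist validation plus a prepared statement."""
    # Whitelist validation: define what is allowed and reject everything else.
    if not isinstance(term, str) or len(term) > MAX_TERM_LENGTH:
        raise ValueError("search term rejected")
    if sort not in SORT_COLUMNS or direction not in SORT_DIRECTIONS:
        raise ValueError("sort option rejected")

    # Escape LIKE wildcards so the term is matched literally.
    escaped = (
        term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )

    # Identifiers cannot be bound as parameters, so ORDER BY is assembled
    # only from the fixed whitelist values, never from the raw request.
    sql = (
        "SELECT name FROM products "
        "WHERE public = 1 AND name LIKE ? ESCAPE '\\' "
        f"ORDER BY {SORT_COLUMNS[sort]} {SORT_DIRECTIONS[direction]}"
    )
    # The term travels as bound data and is never parsed as SQL.
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x%' OR public = 0 --"  # constructed malicious input
    print("unsafe:", search_unsafe(db, crafted))
    print("safe:  ", search_safe(db, crafted))
    print("sorted:", search_safe(db, "e", sort="price", direction="desc"))
```

The prepared statement alone does not cover the sort option; that is where the whitelist does the work.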

The Future of Retail Security
As retailers computerize their businesses and use complex applications, security risks are rising exponentially. This requires a proactive approach to application development strategies, which should revolve around security standards for platforms involving credit card data and financial transactions.

Security requirements should be treated as checkpoints in the development process that can be set during the coding stage, within the source code repositories and during the QA process. Also, safe coding practices are effective in eliminating vulnerabilities and avoiding resource-consuming post-production maintenance.

Traditional security tools (e.g., firewalls) are becoming increasingly ineffective in fighting hackers. A comprehensive security strategy for applications that focuses on secure coding practices and the creation of a secure SDLC can help prevent future incidents within the booming retail industry.

Read the original article at Retail Online Integration.


Checkmarx And Integral Agree on Making New Zealand More Secure

10 Jul 2014 | By Sharon Solomon

Integral, a highly respected New Zealand software developer, is today announcing a reseller agreement with Checkmarx, a global leader in Application Security Testing solutions.

“We are excited to announce the launch of this agreement between Integral and Checkmarx. The agreement allows us to provide New Zealand companies with local access to Checkmarx security solutions, on-premise and in the cloud, meaning developers can easily scan their code (even un-compiled) for security vulnerabilities, and handle them at any stage in the SDLC,” said Simon Hornby, COO for Integral Limited.

Checkmarx is one of Israel’s fastest growing tech companies and boasts an impressive client base. Their solutions are being used globally by four of the world’s 10 largest software vendors as well as companies including Coca-Cola, Samsung, Salesforce.com and the US Army.

In recognition of its innovative software security testing technology, Checkmarx recently won the lucrative Red Herring award and was named Best Product – Application Security Solution 2014 by Cyber Defence Magazine.

Ran Lewinski, VP Sales APAC at Checkmarx, commented:

“We are delighted that Integral are partnering with Checkmarx to provide New Zealand companies with access to the best Application Security Testing solutions available. Building an application and keeping it secure is a lot of work. One unchecked step can leave it exploitable by hackers. Checkmarx provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) by scanning software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and showing developers and security auditors where and how to fix them.”

Since its establishment in 1991, Integral has become one of New Zealand’s most experienced and enduring market-leading developers of software solutions for business intelligence. The Integral team of highly experienced consultants serves clients across diverse industries including forestry, health, aerospace and logistics from its offices located in Auckland, Rotorua and Hawke’s Bay.


Checkmarx Named a Challenger in Gartner 2014 Magic Quadrant for Application Security Testing

10 Jul 2014 | By Admin

Checkmarx positioned furthest for completeness of vision in the Challengers Quadrant

Checkmarx, a leader in web and mobile application security solutions, has been positioned the furthest for completeness of vision in the Challenger’s quadrant of Gartner’s 2014 Magic Quadrant for Application Security Testing report. Challengers are recognized as “vendors that have executed consistently, typically by focusing on a single technology and have demonstrated substantial competitive capabilities against the Leaders in this particular focus area, and also have demonstrated momentum in their customer base in terms of overall size and growth.”[1]

“We are thrilled to be named a Challenger in the Application Security Testing market, which we believe reflects our goal to lead the software security space with our disruptive technology,” said Emmanuel Benzaquen, CEO of Checkmarx. “We feel our new position recognizes the advances in our application security expertise and reflects the exponential growth we have experienced in the last three years. We will continue to innovate to provide a constant challenge to the market leaders and work to bring Application Security Testing to the next level.”

According to the Gartner report, “Cyber-attacks have changed from noisy, mass attacks aimed at ‘freezing’ large numbers of computers to targeted and financially motivated attacks. These have included SQL injection, cross-site request forgery (XSRF) and XSS, which are focused on manipulating applications and stealing or tampering with sensitive data. Hackers easily gain access to open-source technologies that enable remote application inspection and probing.[1]

“Enterprises are increasingly understanding the necessity to implement application security disciplines. Today’s application security markets offer a variety of reasonably mature technologies, and demonstrate innovations that are capable of deterring new threats brought to life by new social and business phenomena, such as cloud and mobile,” the report continues.[1]

According to the report, “Through 2015, more than 75% of mobile applications will fail basic security tests.”[1]

Checkmarx addresses this issue by creating SAST software solutions that secure mobile and web applications from the very beginning of the programming process in order to protect consumer data. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.

About Checkmarx

Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army. To learn more, visit: http://www.checkmarx.com

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[1] Gartner, Inc. “2014 Magic Quadrant for Application Security Testing” by Joseph Feiman, Neil MacDonald, July 1, 2014.


Checkmarx Selected as Winner of 2014 Red Herring Top 100 Europe Award

17 Apr 2014 | By Admin

Prestigious Award Given to Europe’s Most Promising Private Technology Ventures

(April 14, 2014. Tel Aviv, Israel) – Checkmarx, a leading provider of code analysis tools that identify security vulnerabilities in web and mobile applications, is delighted to be awarded a 2014 Red Herring Top 100 Europe Award, which celebrates the innovative technologies of private companies across the European region.

Red Herring’s Top 100 Europe list has become a mark of distinction for identifying promising new companies and entrepreneurs. Red Herring’s editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay would change the way we live and work.

“Selecting startups that show the most potential for disruption and growth is never easy,” said Alex Vieux, publisher and CEO of Red Herring. “We looked at hundreds and hundreds of candidates from all across the continent, and after much thought and debate, narrowed the list down to the Top 100 Winners. Each year, the competition gets tougher but we believe Checkmarx demonstrates the vision, drive and innovation that define a Red Herring winner.”

Checkmarx is a creator of software solutions that secure mobile and web applications as they are programmed, in order to protect consumer data. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.

“We are thrilled to win this award,” said Emmanuel Benzaquen, CEO of Checkmarx. “It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people. As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk.”

Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technological innovation, management quality, overall business strategy and market penetration. This assessment was complemented by a review of the track records and standings of similar startups in the same verticals, allowing Red Herring to see past the “buzz” and make the list a valuable instrument of discovery and advocacy for the most promising new business models in the European region.

 

About Checkmarx

Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Coca Cola, Salesforce and the US Army.

www.checkmarx.com

About Red Herring

Red Herring is a global media company which unites the world’s best high technology innovators, venture investors and business decision makers in a variety of forums: a leading innovation magazine, an online daily technology news service, technology newsletters and major events for technology leaders around the globe. Red Herring provides an insider’s access to the global innovation economy, featuring unparalleled insights on the emerging technologies driving the economy.

 

www.redherring.com


Checkmarx Named One of Top 20 Most Promising Enterprise Security Companies By CIOReview

8 Apr 2014 | By Sharon Solomon

Amidst the sudden surge of security threats and emergence of innovative security approaches, enterprise security firms that are able to function as a catalyst in connecting the industry with cutting-edge security solutions will dominate the market. Since an organization’s success is impacted greatly by the security methods implemented, the time is ripe for companies offering purpose-specific enterprise security solutions.

With more funding predicted and threats from hackers more prominent than ever, this is the appropriate time to identify some of the right enterprise security companies that provide unique solutions. To help CIOs navigate and find the right enterprise security solution providers, CIOReview presents the “20 Most Promising Enterprise Security Companies”.

A distinguished panel comprising CIOs and CEOs of public companies, analysts, and the CIOReview editorial board finalized the 20 Most Promising Enterprise Security Companies. Checkmarx would like to congratulate the other 19 finalists – we’re thrilled to be among the best!


Checkmarx and Specialist IT Consultancy Firm Ballintrae Team Up To Reduce Software Risks

13 Nov 2013 | By Sharon Solomon

The companies will jointly work on Application Security.

(CBR) – November 14, 2013 – IT consultants Ballintrae and Checkmarx, an application security testing company, have joined forces to reduce software risk.

With risk high on the boardroom agenda, it is hoped that the partnership will help financial services organisations minimise software risk when developing and upgrading internal and client-facing applications.

By working together, Ballintrae and Checkmarx believe they can deliver secure applications, avoiding glitches with new software applications as well as systems outages and failures, which can cause inconvenience, huge financial losses and reputational damage.

Steve Street, director of innovation at Ballintrae, said: “With our industry knowledge and expertise, coupled with the highly innovative Checkmarx Suite, our clients will have confidence at boardroom level that risk has been substantially reduced.”

Rafi Bhonker, VP sales at Checkmarx, added: “We are looking forward to working with Ballintrae together to introduce innovative Application Security solutions to the UK and communicate the importance of integrating Source Code Analysis into the software development lifecycle.”


Security Innovation TeamMentor now Integrates with Checkmarx’s CxSuite

9 Oct 2013 | By Security Innovation & Checkmarx

Provides faster and better remediation guidance within the developers’ environment

Security Innovation, an authority in application security assessment and training, and Checkmarx, a leader in Application Security Testing, announce the seamless integration of TeamMentor with Checkmarx’s CxSuite Static Application Security Testing (SAST) tool.

TeamMentor is the most comprehensive application security content management and guidance platform that offers remediation guidance, actionable security policy and secure software development knowledge. The latest release (v3.3.4) now adds new HTML5 and Scala libraries as well as a library of vulnerability articles designed for integration with code scanners.

The integration of Checkmarx’s CxSuite scan results with TeamMentor’s prescriptive security guidance helps users of CxSuite to more quickly identify and fix software vulnerabilities with clear and effective vulnerability remediation best practices that are mapped against static analysis findings.

“The Checkmarx SAST offers highly accurate results for our customers and is complemented by best fix location recommendations which significantly boosts productivity,” said Asaph Schulman, Director of Marketing at Checkmarx. “Coupling our best fix locations guidance with specific TeamMentor articles relevant to the particular findings can make a big difference in our users’ ability to effectively remediate their application security risks.”

The primary goal of this product integration is to provide Checkmarx users with quick and easy access to TeamMentor’s comprehensive security guidance that is accurate and relevant to specific code security questions. This reduces the number of security scan cycles that involve QA, Information Security or other teams, as well as the total number of vulnerabilities found by security scans and penetration tests. Integrating security scanning and guidance into a development workflow ultimately results in quicker production of more secure and stable applications.

“Our vulnerability-specific guidance is structured in an expanding knowledge pathway,” said Ed Adams, Security Innovation CEO. “Unlike other solutions such as Google, books, etc., TeamMentor avoids overwhelming the user with information. Instead, it progressively educates by allowing the user to quickly grasp important concepts and fix their code faster and more effectively.”

TeamMentor provides guidance from Checkmarx’s browser-based client as well as Checkmarx’s plugins for Visual Studio and Eclipse, allowing the developer to access security guidance right from their development environments.


CloudSpokes & Checkmarx Team Up to Secure Thurgood Software Development Tool

11 Jul 2013 | By Sharon Solomon

CloudSpokes, the leader in crowdsourced cloud development, today announced the availability of Thurgood, a new cloud-based tool to automatically analyze the build, quality and security of code. As more organizations turn to crowdsourced and outsourced developer talent, CloudSpokes’ Thurgood gives developers and businesses the insight to easily determine the stability of submitted code, quickly identify any risks, as well as ensure high quality software development.

A recent report found enterprises that adopted a community development model versus a traditional, in-house model were 62 percent more successful. With more businesses turning to crowdsourced development, CloudSpokes’ Thurgood enables organizations to quickly determine the caliber and strength of any developer’s submitted code. With this level of visibility and accuracy, Thurgood offers organizations a new standard of authenticating and validating code, while enabling developers to immediately spot opportunities to improve their work.

“Crowdsourced development can seem like a Catch-22: developers can claim to develop specific software, but how do businesses ensure quality throughout the entire process?” said Mike Morris, General Manager, CloudSpokes. “Thurgood quickly eliminates this uncertainty and allows developers to submit code early and often to both the developer and business to easily determine the caliber of the code and make the necessary tweaks. As more businesses crowdsource software development, Thurgood ensures submitted code is consistent, complete and ready for business.”

Thurgood was developed by CloudSpokes and accepts all coding languages. The tool incorporates CloudBees Jenkins Enterprise and Checkmarx security and vulnerability scans to provide automated quality and security review of submitted software development packages. Thurgood automatically configures code analysis tools depending on environments like code coverage, code formatting, unit test execution, bug detection and security analysis.

Once a developer submits code to Thurgood, the tool downloads the code, generates the necessary build files and commits the code to a git repository. The committed code is then scanned by CloudBees and Checkmarx with the final results returned to the developer. Developers are able to see the entire submission and detailed partner feedback, eliminating the time previously needed to test code and creating code best practices. The Thurgood tool also provides the CloudSpokes team visibility into what community members are working on and their respective progress on challenges.

“Precautionary measures of secure coding are rapidly becoming a recognized necessity in the code development lifecycle,” said David Hyman, Vice President, SaaS Operations, Checkmarx. “CloudSpokes’ adoption of secure coding practice shows commitment to its customers and makes a clear statement that the community takes security seriously.”

Thurgood is implemented into CloudSpokes now. For more information on Thurgood, please see the demo or visit: https://www.cloudspokes.com/

About CloudSpokes
CloudSpokes is the leader in crowdsourced cloud development. The crowdsourcing marketplace matches companies who need development work with a worldwide community of more than 75,000 cloud experts. CloudSpokes’ developers compete for cash and recognition by participating in contests to create enterprise-class solutions. With proven proficiency using today’s leading public cloud platforms and languages, including Amazon Web Services, Cloud Foundry, Force.com, Heroku, HTML5, Ruby and Java, the CloudSpokes’ community depth and breadth of expertise and commitment to community software development is unrivaled. Founded in 2011, CloudSpokes was created and is operated by Appirio.


Checkmarx Announces Partnership with Deutsche Telekom to Offer a Software Security Solution

14 May 2013 | By Admin

The leader in Application Security Testing solutions, Checkmarx Ltd. is today announcing a partnership with Developer Garden, the Deutsche Telekom AG (DAX; DTE) ecosystem for developers.

“We are proud to announce the launch of this important and strategic partnership between Checkmarx and the Deutsche Telekom’s Developer Garden. The partnership provides developers with access to Checkmarx On Demand, the most comprehensive resource for Secure Software in the cloud”, said David Hyman, VP SaaS Operations at Checkmarx.

Checkmarx’s static code analysis technology, named “Visionary” by Gartner, is the engine that powers Developer Garden’s new service, Code Analyzer. The tool enables software developers to easily scan their code for security vulnerabilities and handle them.


Checkmarx & Eclipse Team Up to Promote Secure Coding

21 Feb 2013 | By Sharon Solomon

Press Release: Checkmarx – Wed, Feb 20, 2013 7:00 AM EST

TEL-AVIV, Israel, February 20, 2013 /PRNewswire/ –

Checkmarx is delighted to announce a new strategic partnership with the Eclipse Foundation.

Recognized as a pioneer and leader in the Open Source software development industry, Eclipse provides developers with an integrated development platform. Today, Eclipse is used by millions of developers worldwide to provide a stable and secure development platform.

Checkmarx is well known as a leader and visionary for Static Application Security Testing (SAST) solutions. With the ability to scan all major coding languages, Checkmarx automatically identifies software vulnerabilities and measures the security risks in the source code. The new On Demand solution uses a Checkmarx engine “in the cloud”; simply press scan and get results in minutes!

With the Eclipse/Checkmarx integration, at any point in the development lifecycle Eclipse users can simply click “Checkmarx Scan” from within the Eclipse platform and a security scan is carried out in real time.

“We’re excited about the launch of our partnership with Eclipse. Many of our customers depend on Eclipse as a means for code development & quality…bringing code quality together with our On Demand model for code security delivers fantastic value and benefit to an already strong community of Eclipse developers. We look forward to working closer with the Eclipse community” said Maty Simon, Checkmarx Founder and CTO.

Eclipse Executive Director Mike Milinkovich added “Adding Checkmarx as an Eclipse member is a great win for the Eclipse community. Having solutions in the Eclipse community that promote better ways to develop safe code will help our community. Checkmarx’s 2 month complimentary offer for Eclipse users will be a great way for people to try out their static analysis solution.”

As an exclusive offer for the Eclipse community, Checkmarx is granting all Eclipse users a complimentary 2-month full-service account. Simply register and get started in minutes!

