Our use of the term ‘citizen’ has evolved. It has transmogrified from its original context pertaining to: any native or naturalized member of a state or nation who owes allegiance to its government. Today then, citizen means: a consumer-level or non-specialist participant who engages in the formal activities of an established profession. The citizen (insert job title) will typically carry out his or her actions and then subsequently post the results on social networks and various Internet-based forums.
The problem, encapsulated
Here’s the problem in a nutshell. Ask a citizen developer if they think citizen programming is a good thing and they will say yes. Ask a developer and they will say no. Ask a software testing and management company and they will say yes, but only if the software is tested and managed and controlled. Ask a cloud development company and they will say yes, but only if the resulting software is compartmentalized, virtualized away and containerized appropriately. Ask a security-aware code analysis company and they will say yes, but security measures need to be baked into the development process itself so that security checks are not left to the final stage, when there is often additional pressure to complete the project in time for deadlines.
Read the full article at Forbes.
Designers can take an idea and turn it into a masterpiece of user interactivity, and because of their competence in all things aesthetic and interface, they’re often asked to undergo tasks that, honestly, should not fall on their shoulders. Yet, they still trudge along in the noble effort to retain clients. One of the worst types of encounters they are faced with comes in the form of web security, which is about as close to web design as a beanie is to jogging shoes. Sure, they’ll get used by the same person, but their origins are wildly different.
In many cases, designers will reach out through channels like Craigslist to find one-off programmers and “security experts” but often end up short in terms of accountability or assurance. But, for those who want to come out of the task looking like an internet champion, there are some security tools available that will not only get the work completed, but they will help keep a website or web app safe for as long as required.
As a web security service, Checkmarx is one of those end-all, be-all products that will cover anything. Their tools not only cover everything from the OWASP Top 10 and SANS list of known security breaches, but they have some killer services that a designer can use to significant effect. As far as these are concerned, the best comes in the form of software code analysis that checks web applications for vulnerabilities and can even deploy fixes for these security holes.
They go far beyond just that, though, and are a trusted enough resource that their clientele includes behemoths like the federal government and Deutsche Telekom (the company behind T-Mobile). Their ability to find system vulnerabilities, along with access to an abundance of tools to fix any issues, makes Checkmarx unbeatable in the realm of security.
Read the original article on TechSheer.
The awards recognize extraordinary growth driven by technology innovation. To determine the fastest growing companies, Deloitte reviewed fiscal year revenues over five years (2010-2014) then calculated and compared the revenue growth percentages. As part of the award, Checkmarx is automatically entered into the Deloitte Technology Fast 500 EMEA: a ranking of the 500 fastest-growing technology companies in Europe, the Middle East and Africa over the last five years.
Checkmarx is a creator of software solutions that secure mobile and web applications during the development process. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.
“We are thrilled to be ranked as the fastest growing security company in Israel,” said Asaph Shulman, VP Marketing at Checkmarx. “Being ranked as a Fast 50 Company is the result of many years of hard work and innovation by our team, and is a testament to the impact of Checkmarx’s technology. It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people.”
“As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk,” he continued.
“Achieving sustained revenue growth of 1286% over five years is a fantastic achievement for a technology company operating in a competitive global economy,” said Tal Chen, partner in charge of the Deloitte Brightman Almagor Zohar Israel Technology Fast 50 Program. “Checkmarx deserves great recognition for its outstanding growth, and we congratulate them for it.”
Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army.
Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP of Sales for North America. Ron formerly held the position as VP of Sales for Eastern United States for Hewlett-Packard Enterprise Security Products Group, which included responsibility for HP Fortify, a major competitor to Checkmarx.
“With his vast experience in the application security testing sector, Ron is the ideal candidate to manage the exponential growth we are experiencing in the North American market,” said Emmanuel Benzaquen, CEO of Checkmarx. “With his help, Checkmarx will continue displacing the established leaders in the field of application security and bring our disruptive technology to even more customers across different industries.”
Checkmarx is a provider of SAST software solutions that cover a broad variety of programming languages, securing mobile and web applications from the very beginning of the development. Checkmarx’s technology provides maximum application security for software developers and security experts throughout the software development life cycle (SDLC), in both on premise and on demand models. Recently named as the leading Challenger in the Application Security Testing Magic Quadrant by Gartner, Checkmarx is taking further strides to strengthen the company’s presence globally, and in North America in particular.
Ron brings to Checkmarx over 20 years of experience in the security industry. Prior to joining Checkmarx, Ron worked at Hewlett-Packard for nine years, most recently as VP of Sales in the Enterprise Security Products Division. Prior to HP he held several senior sales positions at McAfee and Ameritech.
“I am delighted to be joining such an innovative and dynamic company as Checkmarx. Its innovative solutions and vision for the future of application security testing highlight why Checkmarx is quickly becoming a leader in the market,” noted the new VP, Ron Kormanek. “The increased reliance on web and mobile applications and their dependency on sensitive consumer information will lead to a demand for excellent and trustworthy application security solutions, and Checkmarx is ideally positioned to meet the challenge.”
IT managers must be exhausted. After all, they are well aware of the difficulty in hiring and managing employees to create secure applications, while also focusing on feature design, implementation and testing. These are mammoth tasks that can easily drive costs as well as deter the focus of developers primarily tasked with writing code.
With hundreds of rigorous security regulations set by various countries worldwide, it has become increasingly necessary to find comprehensive solutions to security source code problems. Thankfully, some of these service providers offer user-friendly browser plugins and simple ‘attach code and wait’ frameworks that reveal security threats upon a quick scan of the application’s source code.
Checkmarx is an example of a leading company that has developed precise tools for testing and analyzing code (while supporting a variety of programming languages) to identify invasive security issues. These and similar technologies essentially allow IT managers to reduce both the costs associated with maintaining security professionals as well as those potentially resulting from a failure to adequately address those threats.
With these and other fast-growing providers helping clients future-proof app development security, coders can reduce or eliminate time spent on handling security checking and concentrate their efforts on writing great code.
Read the original article on the SAP Business Innovation Blog.
The interconnectedness and rapid development of mobile technology are revolutionizing the consumer market. Retailers have fully computerized mechanisms driven by complex applications to bring their products to the mobile market, which has introduced serious security flaws into the ecosystem that can damage customers and financial giants, jeopardizing entire retail chains. Hackers have increasingly exploited these vulnerabilities in insecure web applications using tools that can easily be found online, resulting in numerous high-profile hackings.
In the past year, serious breaches impacting multinational corporations called into question retail software security. The most impactful of these attacks, sustained by Target late last year, was due to a third-party application that was integrated into Target’s system without being properly screened. Over 70 million customer records with names and email addresses were stolen from point-of-sale stations, and about 2 million credit cards were stolen and resold on the black market. Similar attacks struck retail giant Neiman Marcus and popular restaurant chain PF Chang’s, leading to unauthorized credit card activity and consumer data theft.
Five Ways Retailers Can Secure Applications
1. Implement safe coding practices. While requiring special training for developers and security staff, these practices eventually save an organization time and resources. Safe coding includes using tested code for common tasks, implementing task-specific integrated APIs for various system tasks and denying simultaneous access to shared resources.
2. Create a secure software development life cycle (SDLC). The task of securing retail applications can be completed successfully only by developing them in a secure SDLC. With testing tools (e.g., Source Code Analysis) integrated into the development stages, vulnerabilities can be eradicated early. This is a cost-effective and resource-friendly strategy.
3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can provide hackers with loopholes and vulnerabilities that may bring an entire system down. It’s highly recommended to create a list of guiding security principles for new projects; maintaining a list of recommended software frameworks and components can also help developers and security staff alike.
4. Pick whitelisting over blacklisting and use prepared statements. Use whitelist validation on user input by defining the requests the application allows. This will help sift out malicious input that can exploit underlying vulnerabilities and loopholes. Also, using prepared statements for web application database queries can significantly reduce the risk of SQL injection attacks.
5. Eliminate secure socket layer (SSL) vulnerabilities. The SSL protocol ensures the encryption of communications in the application layer. SSL-compliant POS applications use a server certificate to authenticate the server and ensure safe data communication. Applications can face serious security issues when using outdated or misconfigured SSL versions.
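Item 4's advice, whitelist validation combined with prepared statements, shown as an added example that is not part of the original article. The `orders` table, the `C` plus four digits customer ID format, and all function names are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """Build a constructed in-memory order table (sample data, not real records)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)"
    )
    db.executemany(
        "INSERT INTO orders (customer, total) VALUES (?, ?)",
        [("C1001", 19.99), ("C1001", 5.00), ("C2002", 250.00)],
    )
    return db


def orders_concatenated(db, customer):
    """Weak form: user input becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT id, total FROM orders WHERE customer = '" + customer + "'"
    return db.execute(sql).fetchall()


# Whitelist 1: the only customer ID shape the application accepts (assumed format).
CUSTOMER_ID = re.compile(r"C[0-9]{4}")
# Whitelist 2: identifiers cannot be bound as parameters, so the sort column
# is chosen from a fixed map and never taken from the request verbatim.
SORT_COLUMNS = {"id": "id", "total": "total"}


def orders_hardened(db, customer, sort_by="id"):
    """Validate against the whitelists, then bind the value with a placeholder."""
    if not CUSTOMER_ID.fullmatch(customer):
        raise ValueError("customer id is not in the allowed format")
    if sort_by not in SORT_COLUMNS:
        raise ValueError("sort column is not allowed")
    sql = (
        "SELECT id, total FROM orders WHERE customer = ? "
        f"ORDER BY {SORT_COLUMNS[sort_by]}"
    )
    # The driver sends `customer` as data; it is never parsed as SQL.
    return db.execute(sql, (customer,)).fetchall()


def orders_bound_only(db, customer):
    """Prepared statement without validation: still safe, input stays data."""
    return db.execute(
        "SELECT id, total FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed test input
    print("concatenated:", orders_concatenated(db, hostile))  # every row leaks
    print("bound only:  ", orders_bound_only(db, hostile))    # no rows match
    try:
        orders_hardened(db, hostile)
    except ValueError as exc:
        print("hardened:    rejected,", exc)
    print("hardened ok: ", orders_hardened(db, "C1001", "total"))
```

The two controls are independent layers: binding stops the input from being interpreted as SQL, while the whitelist rejects malformed requests early and covers the parts of a query, such as column names, that placeholders cannot.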
The Future of Retail Security
As retailers computerize their businesses and use complex applications, security risks are rising exponentially. This requires a proactive approach to application development strategies, which should revolve around security standards for platforms involving credit card data and financial transactions.
Security requirements should be treated as checkpoints in the development process that can be set during the coding stage, within the source code repositories and during the QA process. Also, safe coding practices are effective in eliminating vulnerabilities and avoiding resource-consuming post-production maintenance.
Traditional security tools (e.g., firewalls) are becoming increasingly ineffective in fighting hackers. A comprehensive security strategy for applications that focuses on secure coding practices and the creation of a secure SDLC can help prevent future incidents within the booming retail industry.
Read the original article at Retail Online Integration.
Integral, a highly respected New Zealand software developer, is today announcing a resell agreement with Checkmarx, a global leader in Application Security Testing solutions.
“We are excited to announce the launch of this agreement between Integral and Checkmarx. The agreement allows us to provide New Zealand companies with local access to Checkmarx security solutions, on-premise and in the cloud, meaning developers can easily scan their code (even un-compiled) for security vulnerabilities, and handle them at any stage in the SDLC,” said Simon Hornby, COO for Integral Limited.
Checkmarx is one of Israel’s fastest growing tech companies and boasts an impressive client base. Their solutions are being used globally by four of the world’s 10 largest software vendors as well as companies including Coca-Cola, Samsung, Salesforce.com and the US Army.
In recognition of its innovative software security testing technology, Checkmarx recently won the lucrative Red Herring award and was named Best Product – Application Security Solution 2014 by Cyber Defence Magazine.
Ran Lewinski, VP Sales APAC at Checkmarx commented:
“We are delighted that Integral are partnering with Checkmarx to provide New Zealand companies with access to the best Application Security Testing solutions available. Building an application and keeping it secure is a lot of work. One unchecked step can leave it exploitable by hackers. Checkmarx provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) by scanning software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and showing developers and security auditors where and how to fix them.”
Since its establishment in 1991, Integral has become one of New Zealand’s most experienced and enduring market-leading developers of software solutions for business intelligence. The Integral team of highly experienced consultants services clients across diverse industries including forestry, health, aerospace and logistics from our offices located in Auckland, Rotorua and Hawke’s Bay.
Checkmarx, a leader in web and mobile application security solutions, has been positioned the furthest for completeness of vision in the Challenger’s quadrant of Gartner’s 2014 Magic Quadrant for Application Security Testing report. Challengers are recognized as “vendors that have executed consistently, typically by focusing on a single technology and have demonstrated substantial competitive capabilities against the Leaders in this particular focus area, and also have demonstrated momentum in their customer base in terms of overall size and growth.” [1]
“We are thrilled to be named a Challenger in the Application Security Testing market, which we believe reflects our goal to lead the software security space with our disruptive technology,” said Emmanuel Benzaquen, CEO of Checkmarx. “We feel our new position recognizes the advances in our application security expertise and reflects the exponential growth we have experienced in the last three years. We will continue to innovate to provide a constant challenge to the market leaders and work to bring Application Security Testing to the next level.”
According to Gartner’s report, “Cyber-attacks have changed from noisy, mass attacks aimed at ‘freezing’ large numbers of computers to targeted and financially motivated attacks. These have included SQL injection, cross-site request forgery (XSRF) and XSS, which are focused on manipulating applications and stealing or tampering with sensitive data. Hackers easily gain access to open-source technologies that enable remote application inspection and probing. [1]
“Enterprises are increasingly understanding the necessity to implement application security disciplines. Today’s application security markets offer a variety of reasonably mature technologies, and demonstrate innovations that are capable of deterring new threats brought to life by new social and business phenomena, such as cloud and mobile,” the report continues. [1]
According to the report, “Through 2015, more than 75% of mobile applications will fail basic security tests.” [1]
Checkmarx addresses this issue by creating SAST software solutions that secure mobile and web applications from the very beginning of the programming process in order to protect consumer data. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.
Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army. To learn more, visit: http://www.checkmarx.com
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
[1] Gartner, Inc. “2014 Magic Quadrant for Application Security Testing” by Joseph Feiman, Neil MacDonald, July 1, 2014.
Prestigious Award Given to Europe’s Most Promising Private Technology Ventures
(April 14, 2014. Tel Aviv, Israel) – Checkmarx, a leading provider of code analysis tools that identify security vulnerabilities in web and mobile applications, is delighted to be awarded a 2014 Red Herring Top 100 Europe Award, which celebrates the innovative technologies of private companies across the European region.
Red Herring’s Top 100 Europe list has become a mark of distinction for identifying promising new companies and entrepreneurs. Red Herring’s editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay would change the way we live and work.
“Selecting startups that show the most potential for disruption and growth is never easy,” said Alex Vieux, publisher and CEO of Red Herring. “We looked at hundreds and hundreds of candidates from all across the continent, and after much thought and debate, narrowed the list down to the Top 100 Winners. Each year, the competition gets tougher but we believe Checkmarx demonstrates the vision, drive and innovation that define a Red Herring winner.”
Checkmarx is a creator of software solutions that secure mobile and web applications in order to protect consumer data as they are programmed. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.
“We are thrilled to win this award,” said Emmanuel Benzaquen, CEO of Checkmarx. “It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people. As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk.”
Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technological innovation, management quality, overall business strategy and market penetration. This assessment was complemented by a review of the track records and standings of similar startups in the same verticals, allowing Red Herring to see past the “buzz” and make the list a valuable instrument of discovery and advocacy for the most promising new business models in the European region.
Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Coca Cola, Salesforce and the US Army.
About Red Herring
Red Herring is a global media company which unites the world’s best high technology innovators, venture investors and business decision makers in a variety of forums: a leading innovation magazine, an online daily technology news service, technology newsletters and major events for technology leaders around the globe. Red Herring provides an insider’s access to the global innovation economy, featuring unparalleled insights on the emerging technologies driving the economy.
Amidst the sudden surge of security threats and emergence of innovative security approaches, enterprise security firms that are able to function as a catalyst in connecting the industry with the cutting-edge security solutions will dominate the market. Since an organization’s success is impacted greatly by the security methods implemented, the time is ripe for companies offering purpose-specific enterprise security solutions.
With more funding predicted and threats from hackers being more prominent than ever, this is the appropriate time to identify some of the right enterprise security companies that provide unique solutions. To help CIOs navigate and find the right enterprise security solution providers, CIOReview presents the “20 Most Promising Enterprise Security Companies”.
A distinguished panel comprising CIOs and CEOs of public companies, analysts, and the CIOReview editorial board finalized the 20 Most Promising Enterprise Security Companies. Checkmarx would like to congratulate the other 19 finalists – we’re thrilled to be among the best!