Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP of Sales for North America. Ron formerly held the position of VP of Sales for Eastern United States for Hewlett-Packard Enterprise Security Products Group, which included responsibility for HP Fortify, a major competitor to Checkmarx.
“With his vast experience in the application security testing sector, Ron is the ideal candidate to manage the exponential growth we are experiencing in the North American market,” said Emmanuel Benzaquen, CEO of Checkmarx. “With his help, Checkmarx will continue displacing the established leaders in the field of application security and bring our disruptive technology to even more customers across different industries.”
Checkmarx is a provider of SAST software solutions that cover a broad variety of programming languages, securing mobile and web applications from the very beginning of the development. Checkmarx’s technology provides maximum application security for software developers and security experts throughout the software development life cycle (SDLC), in both on premise and on demand models. Recently named as the leading Challenger in the Application Security Testing Magic Quadrant by Gartner, Checkmarx is taking further strides to strengthen the company’s presence globally, and in North America in particular.
Ron brings to Checkmarx over 20 years of experience in the security industry. Prior to joining Checkmarx, Ron worked at Hewlett-Packard for nine years, most recently as VP of Sales in the Enterprise Security Products Division. Prior to HP he held several senior sales positions at McAfee and Ameritech.
“I am delighted to be joining such an innovative and dynamic company as Checkmarx. Its innovative solutions and vision for the future of application security testing highlight why Checkmarx is quickly becoming a leader in the market,” noted the new VP, Ron Kormanek. “The increased reliance on web and mobile applications and their dependency on sensitive consumer information will lead to a demand for excellent and trustworthy application security solutions, and Checkmarx is ideally positioned to meet the challenge.”
IT managers must be exhausted. After all, they are well aware of the difficulty in hiring and managing employees to create secure applications, while also focusing on feature design, implementation and testing. These are mammoth tasks that can easily drive up costs as well as divert the focus of developers primarily tasked with writing code.
With hundreds of rigorous security regulations set by various countries worldwide, it has become increasingly necessary to find comprehensive solutions to source code security problems. Thankfully, some service providers offer user-friendly browser plugins and simple ‘attach code and wait’ frameworks that reveal security threats upon a quick scan of the application’s source code.
Checkmarx is an example of a leading company that has developed precise tools for testing and analyzing code (while supporting a variety of programming languages) to identify invasive security issues. These and similar technologies essentially allow IT managers to reduce both the costs associated with maintaining security professionals as well as those potentially resulting from a failure to adequately address those threats.
With these and other fast-growing providers helping clients future-proof app development security, coders can reduce or eliminate time spent on handling security checking and concentrate their efforts on writing great code.
Read the original article on the SAP Business Innovation Blog.
The interconnectedness and rapid development of mobile technology are revolutionizing the consumer market. Retailers have fully computerized mechanisms driven by complex applications to bring their products to the mobile market, which has introduced serious security flaws into the ecosystem that can damage customers and financial giants, jeopardizing entire retail chains. Hackers have increasingly exploited these vulnerabilities in insecure web applications using tools that can easily be found online, resulting in numerous high-profile hackings.
In the past year, serious breaches impacting multinational corporations called into question retail software security. The most impactful of these attacks, sustained by Target late last year, was due to a third-party application that was integrated into Target’s system without being properly screened. Over 70 million customer records with names and email addresses were stolen from point-of-sale stations, and about 2 million credit cards were stolen and resold on the black market. Similar attacks struck retail giant Neiman Marcus and popular restaurant chain PF Chang’s, leading to unauthorized credit card activity and consumer data theft.
Five Ways Retailers Can Secure Applications
1. Implement safe coding practices. While requiring special training for developers and security staff, these practices eventually save an organization time and resources. Safe coding includes using tested code for common tasks, implementing task-specific integrated APIs for various system tasks and denying simultaneous access to shared resources.
2. Create a secure software development life cycle (SDLC). The task of securing retail applications can be completed successfully only by developing them in a secure SDLC. With testing tools (e.g., Source Code Analysis) integrated into the development stages, vulnerabilities can be eradicated early. This is a cost-effective and resource-friendly strategy.
3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can provide hackers with loopholes and vulnerabilities that may bring an entire system down. It’s highly recommended to create a list of guiding security principles for new projects; maintaining a list of recommended software frameworks and components can also help developers and security staff alike.
4. Pick whitelisting over blacklisting and use prepared statements. Use whitelist validation on user input by defining the requests the application allows. This will help sift out malicious input that can exploit underlying vulnerabilities and loopholes. Also, using prepared statements for web application database queries can significantly reduce the risk of SQL injection attacks.
5. Eliminate Secure Sockets Layer (SSL) vulnerabilities. The SSL protocol ensures the encryption of communications in the application layer. SSL-compliant POS applications use a server certificate to authenticate the server and ensure safe data communication. Applications can face serious security issues when using outdated or misconfigured SSL versions.
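An added example for point 4 (not part of the original article), using Python's standard sqlite3 module: a string-built query beside a version that combines whitelist validation with a prepared statement. It goes slightly beyond the text by showing that a bound parameter cannot stand in for an identifier such as an ORDER BY column, which is where the whitelist does the work. The orders table, its columns, the function names and the sample rows are assumptions constructed for the illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders ("
        "id INTEGER PRIMARY KEY, customer TEXT, total REAL)"
    )
    db.executemany(
        "INSERT INTO orders (customer, total) VALUES (?, ?)",
        [("alice", 25.0), ("alice", 10.0), ("bob", 99.0)],
    )
    return db


def orders_unsafe(db, customer, sort_by):
    """'Before' version: user input is concatenated into the SQL text,
    so the database parses it as part of the statement."""
    sql = (
        "SELECT id, customer, total FROM orders "
        "WHERE customer = '" + customer + "' ORDER BY " + sort_by
    )
    return db.execute(sql).fetchall()


# Whitelist of what the application allows (hypothetical policy).
CUSTOMER_RE = re.compile(r"[a-z0-9_]{1,32}")
SORTABLE_COLUMNS = {"id": "id", "total": "total"}


def orders_safe(db, customer, sort_by):
    """'After' version: whitelist validation plus a prepared statement."""
    # Value: reject anything outside the expected format up front.
    if not CUSTOMER_RE.fullmatch(customer):
        raise ValueError("customer name not in allowed format")
    # Identifier: placeholders bind values only, never column names,
    # so the column is looked up in a fixed whitelist instead.
    column = SORTABLE_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("sort column not allowed")
    sql = (
        "SELECT id, customer, total FROM orders "
        f"WHERE customer = ? ORDER BY {column}"
    )
    # The customer value is bound, so it is always treated as data.
    return db.execute(sql, (customer,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "alice' OR '1'='1"  # constructed hostile input
    print("unsafe:", orders_unsafe(db, hostile, "id"))
    try:
        orders_safe(db, hostile, "id")
    except ValueError as exc:
        print("safe rejected input:", exc)
    print("safe:", orders_safe(db, "alice", "total"))
```
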
The Future of Retail Security
As retailers computerize their businesses and use complex applications, security risks are rising exponentially. This requires a proactive approach to application development strategies, which should revolve around security standards for platforms involving credit card data and financial transactions.
Security requirements should be treated as checkpoints in the development process that can be set during the coding stage, within the source code repositories and during the QA process. Also, safe coding practices are effective in eliminating vulnerabilities and avoiding resource-consuming post-production maintenance.
Traditional security tools (e.g., firewalls) are becoming increasingly ineffective in fighting hackers. A comprehensive security strategy for applications that focuses on secure coding practices and the creation of a secure SDLC can help prevent future incidents within the booming retail industry.
Read the original article at Retail Online Integration here.
Integral, a highly respected New Zealand software developer, is today announcing a resell agreement with Checkmarx, a global leader in Application Security Testing solutions.
“We are excited to announce the launch of this agreement between Integral and Checkmarx. The agreement allows us to provide New Zealand companies with local access to Checkmarx security solutions, on-premise and in the cloud, meaning developers can easily scan their code (even un-compiled) for security vulnerabilities, and handle them at any stage in the SDLC,” said Simon Hornby, COO for Integral Limited.
Checkmarx is one of Israel’s fastest growing tech companies and boasts an impressive client base. Their solutions are being used globally by four of the world’s 10 largest software vendors as well as companies including Coca-Cola, Samsung, Salesforce.com and the US Army.
In recognition of its innovative software security testing technology, Checkmarx recently won the lucrative Red Herring award and was named Best Product – Application Security Solution 2014 by Cyber Defence Magazine.
Ran Lewinski, VP Sales APAC at Checkmarx, commented:
“We are delighted that Integral are partnering with Checkmarx to provide New Zealand companies with access to the best Application Security Testing solutions available. Building an application and keeping it secure is a lot of work. One unchecked step can leave it exploitable by hackers. Checkmarx provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) by scanning software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and showing developers and security auditors where and how to fix them.”
Since its establishment in 1991, Integral has become one of New Zealand’s most experienced and enduring market-leading developers of software solutions for business intelligence. The Integral team of highly experienced consultants serves clients across diverse industries including forestry, health, aerospace and logistics from our offices located in Auckland, Rotorua and Hawke’s Bay.
Checkmarx, a leader in web and mobile application security solutions, has been positioned the furthest for completeness of vision in the Challenger’s quadrant of Gartner’s 2014 Magic Quadrant for Application Security Testing report. Challengers are recognized as “vendors that have executed consistently, typically by focusing on a single technology and have demonstrated substantial competitive capabilities against the Leaders in this particular focus area, and also have demonstrated momentum in their customer base in terms of overall size and growth.”1
“We are thrilled to be named a Challenger in the Application Security Testing market, which we believe reflects our goal to lead the software security space with our disruptive technology,” said Emmanuel Benzaquen, CEO of Checkmarx. “We feel our new position recognizes the advances in our application security expertise and reflects the exponential growth we have experienced in the last three years. We will continue to innovate to provide a constant challenge to the market leaders and work to bring Application Security Testing to the next level.”
According to the Gartner report, “Cyber-attacks have changed from noisy, mass attacks aimed at ‘freezing’ large numbers of computers to targeted and financially motivated attacks. These have included SQL injection, cross-site request forgery (XSRF) and XSS, which are focused on manipulating applications and stealing or tampering with sensitive data. Hackers easily gain access to open-source technologies that enable remote application inspection and probing.1
“Enterprises are increasingly understanding the necessity to implement application security disciplines. Today’s application security markets offer a variety of reasonably mature technologies, and demonstrate innovations that are capable of deterring new threats brought to life by new social and business phenomena, such as cloud and mobile,” the report continues.1
According to the report, “Through 2015, more than 75% of mobile applications will fail basic security tests.”1
Checkmarx addresses this issue by creating SAST software solutions that secure mobile and web applications from the very beginning of the programming process in order to protect consumer data. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.
Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army. To learn more, visit: http://www.checkmarx.com
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
1 Gartner, Inc. “2014 Magic Quadrant for Application Security Testing” by Joseph Feiman, Neil MacDonald, July 1, 2014.
Prestigious Award Given to Europe’s Most Promising Private Technology Ventures
(April 14, 2014. Tel Aviv, Israel) – Checkmarx, a leading provider of code analysis tools that identify security vulnerabilities in web and mobile applications, is delighted to be awarded a 2014 Red Herring Top 100 Europe Award, which celebrates the innovative technologies of private companies across the European region.
Red Herring’s Top 100 Europe list has become a mark of distinction for identifying promising new companies and entrepreneurs. Red Herring’s editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay would change the way we live and work.
“Selecting startups that show the most potential for disruption and growth is never easy,” said Alex Vieux, publisher and CEO of Red Herring. “We looked at hundreds and hundreds of candidates from all across the continent, and after much thought and debate, narrowed the list down to the Top 100 Winners. Each year, the competition gets tougher but we believe Checkmarx demonstrates the vision, drive and innovation that define a Red Herring winner.”
Checkmarx is a creator of software solutions that secure mobile and web applications in order to protect consumer data as they are programmed. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.
“We are thrilled to win this award,” said Emmanuel Benzaquen, CEO of Checkmarx. “It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people. As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk.”
Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technological innovation, management quality, overall business strategy and market penetration. This assessment was complemented by a review of the track records and standings of similar startups in the same verticals, allowing Red Herring to see past the “buzz” and make the list a valuable instrument of discovery and advocacy for the most promising new business models in the European region.
Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Coca Cola, Salesforce and the US Army.
About Red Herring
Red Herring is a global media company which unites the world’s best high technology innovators, venture investors and business decision makers in a variety of forums: a leading innovation magazine, an online daily technology news service, technology newsletters and major events for technology leaders around the globe. Red Herring provides an insider’s access to the global innovation economy, featuring unparalleled insights on the emerging technologies driving the economy.
Amidst the sudden surge of security threats and emergence of innovative security approaches, enterprise security firms that are able to function as a catalyst in connecting the industry with the cutting-edge security solutions will dominate the market. Since an organization’s success is impacted greatly by the security methods implemented, the time is ripe for companies offering purpose-specific enterprise security solutions.
With more funding predicted and threats from hackers being more prominent than ever, this is the appropriate time to identify some of the right enterprise security companies that provide unique solutions. To help CIOs navigate and find the right enterprise security solution providers, CIOReview presents the “20 Most Promising Enterprise Security Companies”.
A distinguished panel comprising CIOs and CEOs of public companies, analysts, and the CIOReview editorial board finalized the 20 Most Promising Enterprise Security Companies. Checkmarx would like to congratulate the other 19 finalists – we’re thrilled to be among the best!
(CBR) – November 14, 2013 – IT consultants Ballintrae and Checkmarx, an application security testing provider, have joined forces to reduce software risk.
With risk high on the boardroom agenda, it is hoped that the partnership will help financial services organisations minimise software risk when developing and upgrading internal and client-facing applications.
By working together Ballintrae and Checkmarx believe they can deliver secure applications avoiding glitches with new software applications or systems outages and failures which can cause inconvenience, huge financial losses and reputational damage.
Steve Street, director of innovation at Ballintrae, said: “With our industry knowledge and expertise, coupled with the highly innovative Checkmarx Suite, our clients will have confidence at boardroom level that risk has been substantially reduced.”
Rafi Bhonker, VP sales at Checkmarx, added: “We are looking forward to working with Ballintrae together to introduce innovative Application Security solutions to the UK and communicate the importance of integrating Source Code Analysis into the software development lifecycle.”
Security Innovation, an authority in application security assessment and training, and Checkmarx, a leader in Application Security Testing, announce the seamless integration of TeamMentor with Checkmarx’s CxSuite Static Application Security Testing (SAST) tool.
TeamMentor is the most comprehensive application security content management and guidance platform that offers remediation guidance, actionable security policy and secure software development knowledge. The latest release (v3.3.4) now adds new HTML5 and Scala libraries as well as a library of vulnerability articles designed for integration with code scanners.
The integration of Checkmarx’s CxSuite scan results with TeamMentor’s prescriptive security guidance helps users of CxSuite to more quickly identify and fix software vulnerabilities with clear and effective vulnerability remediation best practices that are mapped against static analysis findings.
“The Checkmarx SAST offers highly accurate results for our customers and is complemented by best fix location recommendations which significantly boosts productivity,” said Asaph Schulman, Director of Marketing at Checkmarx. “Coupling our best fix locations guidance with specific TeamMentor articles relevant to the particular findings can make a big difference in our users’ ability to effectively remediate their application security risks.”
The primary goal of this product integration is to provide Checkmarx users with quick and easy access to TeamMentor’s comprehensive security guidance that is accurate and relevant to specific code security questions. This reduces the number of security scan cycles that involve QA, Information Security or other teams, as well as the total number of vulnerabilities found by security scans and penetration tests. Integrating security scanning and guidance into a development workflow ultimately results in quicker production of more secure and stable applications.
“Our vulnerability-specific guidance is structured in an expanding knowledge pathway,” said Ed Adams, Security Innovation CEO. “Unlike other solutions such as Google, books, etc., TeamMentor avoids overwhelming the user with information. Instead, it progressively educates by allowing the user to quickly grasp important concepts and fix their code faster and more effectively.”
TeamMentor provides guidance from Checkmarx’s browser-based client as well as Checkmarx’s plugins for Visual Studio and Eclipse, allowing the developer to access security guidance right from their development environments.
CloudSpokes, the leader in crowdsourced cloud development, today announced the availability of Thurgood, a new cloud-based tool to automatically analyze the build, quality and security of code. As more organizations turn to crowdsourced and outsourced developer talent, CloudSpokes’ Thurgood gives developers and businesses the insight to easily determine the stability of submitted code, quickly identify any risks, as well as ensure high quality software development.
A recent report found enterprises that adopted a community development model versus a traditional, in-house model were 62 percent more successful. With more businesses turning to crowdsourced development, CloudSpokes’ Thurgood enables organizations to quickly determine the caliber and strength of any developers’ submitted code. With this level of visibility and accuracy, Thurgood offers organizations a new standard of authenticating and validating code, while enabling developers to immediately spot opportunities to improve their work.
“Crowdsourced development can seem like a Catch-22: developers can claim to develop specific software, but how do businesses ensure quality throughout the entire process?” said Mike Morris, General Manager, CloudSpokes. “Thurgood quickly eliminates this uncertainty and allows developers to submit code early and often to both the developer and business to easily determine the caliber of the code and make the necessary tweaks. As more businesses crowdsource software development, Thurgood ensures submitted code is consistent, complete and ready for business.”
Thurgood was developed by CloudSpokes and accepts all coding languages. The tool incorporates Cloudbees Jenkins Enterprise and Checkmarx security and vulnerability scans to provide automated quality and security review of submitted software development packages. Thurgood automatically configures code analysis tools depending on environments like code coverage, code formatting, unit test execution, bug detection and security analysis.
Once a developer submits code to Thurgood, the code is downloaded, the necessary build files are generated and the code is committed to a git repository. The committed code is then scanned by Cloudbees and Checkmarx with the final results returned to the developer. Developers are able to see the entire submission and detailed partner feedback, eliminating the time previously needed to test code and creating code best practices. The Thurgood tool also provides the CloudSpokes team visibility into what community members are working on and their respective progress on challenges.
“Precautionary measures of secure coding are rapidly becoming a recognized necessity in the code development lifecycle,” said David Hyman, Vice President, SaaS Operations, Checkmarx. “CloudSpokes’ adoption of secure coding practice shows commitment to its customers and makes a clear statement that the community takes security seriously.”
Thurgood is now implemented in CloudSpokes. For more information on Thurgood, please see the demo or visit: https://www.cloudspokes.com/
CloudSpokes is the leader in crowdsourced cloud development. The crowdsourcing marketplace matches companies who need development work with a worldwide community of more than 75,000 cloud experts. CloudSpokes’ developers compete for cash and recognition by participating in contests to create enterprise-class solutions. With proven proficiency using today’s leading public cloud platforms and languages, including Amazon Web Services, Cloud Foundry, Force.com, Heroku, HTML5, Ruby and Java, the CloudSpokes’ community depth and breadth of expertise and commitment to community software development is unrivaled. Founded in 2011, CloudSpokes was created and is operated by Appirio.