In the News

Why mobile game developers need to say “Game Over” to the man-in-the-middle

14 Dec 2017 | By Amit Ashbel

With a whopping 2.2 billion smartphone users worldwide, it is no surprise that mobile games make up 42 percent of the gaming market equating to $46.1 billion in revenue. What is surprising is that most of the mobile games, including those most popular among children and teens, are highly vulnerable to a breach, often inviting hackers into children's lives. While there is heightened awareness from consumers of the dangers associated with mobile hacks and breaches, the fact that hackers have access to personal information is particularly disturbing when it involves applications most frequently used by children.


Predictions 2018: How DevOps, AI Will Impact Security

14 Dec 2017 | By Chris Preimesberger

Amit Ashbel, Director of Product Marketing and Cyber Security Evangelist, Checkmarx:  Here’s what’s next for DevOps. 
“DevOps is still maturing, and while many organizations are shifting to DevOps, many are still in the process and not there yet. That said, the DevOps movement will continue to grow and increase its scope to cover additional aspects of the product’s lifecycle. For us specifically, the introduction of security into DevOps is most interesting. The challenge continues to revolve around fast processes and short cycles of security tests with very clear and accurate findings led by remediation that has to be handed in a silver spoon to the developers. While many in the security industry are trying to make DevOps adopt security, I believe that the security vendors should work harder on adapting security practices to DevOps environments which is exactly what Checkmarx have been doing for many years now.”


Infosec expert viewpoint: DevOps security

27 Nov 2017 | By Mirko Zorz

In talking to companies all over the U.S., it is almost unanimous that DevOps is here to stay. DevOps modernizes the software development life cycle and deployment to account for the way businesses are run. I would say 90-95% of enterprise companies have some sort of DevOps initiative and are investing significant time and resources into the DevOps initiative. Organizations that have truly implemented DevOps are already seeing significant results in terms of application quality and speed to market.

Along with the benefits of creating effective and efficient software applications, DevOps can ensure organizations are secure by simply following the integration and automation process that already exists within development.

If security is bolted on as an addition or implemented outside of the DevOps process – instead of automated like CI/CD and baked into the practice – it will not be successful. This removes the manual aspect of security testing which produces push back from developers and DevOps players. However, DevOps players are not security experts and their primary goal is releasing quality software faster.


Share the Cost of Secure Application Development

22 Nov 2017 | By Amit Ashbel

The cost of protecting applications from cyberattacks is climbing fast. So, it's time for business units to help cover the price tag.

The 2017 Ponemon Institute study reaffirms that while this year has seen more hacks and breaches than 2016, organizations are actually spending less money per breach. But the climbing security stocks in the wake of recent hacks seem to indicate that organizations and their CISOs are more than prepared to invest in increased security measures.

In fact, SANS Institute reported last year that despite IT budgets decreasing overall, on average, security budgets are increasing. Furthermore, 76% of SANS respondents said application security fell into their top spending category.


The Best Way for Dev and Ops to Collaborate

9 Nov 2017 | By DevOps Digest

The DevOps culture removes the barriers between departments, and especially among those most deeply involved in DevOps; that is, the operations teams and developers. Historically, there has been a culture of inefficiency and miscommunication between developers and operations teams. This is due to many reasons, but primarily is due to a lack of unified goals: Developers work to code a project as quickly as possible to hand it off to operations in order for them to release it. But with DevOps requirements for small teams comprised of diverse team members working together on a project, and because agile processes are so dependent on the integration of these teams and their tools, collaboration in DevOps enterprises is automatically improved. These single teams break down silos by bringing together employees of diverse skill levels and backgrounds to help inspire more mutual trust and respect.
Amit Ashbel
Director of Product Marketing & Cyber Security Evangelist, Checkmarx


How Checkmarx Is Helping Developers Improve Mobile Security Skills

26 Oct 2017 | By Tom Smith

Checkmarx has launched new mobile security courses for developers. The interactive courses include secure coding for Android Java, Android Kotlin, iOS Objective C, and iOS Swift.

There are 9 free courses which can be found here. For each of the languages, there are one or two free exercises in each course depending on how many total exercises are offered. To have access to all the exercises, there is a paid option to upgrade.


Checkmarx 2018 Predictions: DevOps is Here to Stay

23 Oct 2017 | By Matt Rose

One of the biggest areas for application security in 2018 is how it fits within a true DevOps environment. In my discussions with some of the largest organizations in the world there seems to be one common theme, and that is the movement to a true DevOps program. DevOps is a hot topic that pretty much every major enterprise is discussing or looking to implement. But what is DevOps and how does it help an organization develop and deliver better applications faster?  What are the core disciplines of DevOps?  Who are the players in a DevOps environment? These questions are being answered in many different ways from organization to organization but there seems to be a common theme emerging that everyone is at least thinking about DevOps.

That being said, I would say that only 5% of companies feel they have a true DevOps program in place and the other 95% are currently in a transition phase from a more structured Waterfall develops program.

The analogy I like to share is that DevOps programs are the equivalent to the social media culture that is here to stay, and to a point is actually expected by businesses and consumers. People no longer want to wait for new content, news feeds, product information or anything else for that matter. They want it NOW and feel that any delay in access to that information is unacceptable and frustrating. As a kid I used to wait for the newspaper to be delivered in the morning to see what happened in the world the day before and then watched the 6:00 pm news to see what happened during the day. Information came out in very structured blocks of scheduled delivery. Local news broadcasts and newspapers were the structured blocks of information. Things are much different in today's social media driven culture. Sure, newspapers and local news broadcasts still exist but the rigid structure of delivery is gone. Information is available 24X7 via websites, news feeds, podcasts, Facebook, tweets, snaps, and tons of other different delivery methods.

DevOps is the way that the software release process has transformed from a scheduled and structured delivery process to a social media type delivery model.  No longer do organizations who develop applications wait for the equivalent of a morning newspaper or 6:00 pm local news broadcast. This is the old way to develop software in a waterfall or typical design, code, test release process.

 


Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses

17 Oct 2017 | By DevOps Digest

The importance of integrating security tests in the software development life cycle is commonly discussed and widely agreed upon, yet getting developers to write secure code to begin with is known to be a challenge. According to the SANS 2016 State of Application Security survey, the lack of application security (AppSec) skills, tools and methods are top challenges organizations face when implementing AppSec solutions.


ShiftLeft’s new cybersecurity platform customizes itself for every workload

11 Oct 2017 | By Maria Deutscher

Thanks to sophisticated development tools and practices that have emerged in recent years, application teams are producing code faster than ever. The downside is that the shorter release cycles become, the less time is left to check for potential security flaws.


Cloud-native apps push static code analysis tools to the limit

27 Sep 2017 | By Cameron McKenzie

Matt Rose is the global director of application security strategy at Checkmarx, an organization that provides static code analysis tools that play a key role in the secure software testing phase of the software development lifecycle. In other words, Mr. Rose knows a thing or two about securing applications.
Read the full interview here
