In the News

Android app security tested by malware and vulnerabilities

2 Dec 2016 | By Michael Heller

Matt Rose, global director of application security strategy at Checkmarx, said he was wary about Zimperium releasing the exploit code.

"The reasoning here is that it is a real issue and consciously being ignored then by the vendor and releasing the actual code would push them to acknowledge and remediate the issue and was necessary. However, if the vendor was contacted and they acknowledged the issue and said it was being addressed immediately then I would not support the release of the exploit code," Rose told SearchSecurity. "In this example it is irresponsible in my professional opinion and is being used to promote Zimperium's capabilities and not protect the provider or the end users."

Read the full report here

WordPress Plugins Could Leave Online Shoppers and Businesses Vulnerable on Cyber Monday

23 Nov 2016 | By Paul Curran

As American shoppers gear up for the biggest shopping weekend of the year, the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday, more and more of them are preparing to do their purchasing online from the comfort of their homes.

In order to gain a better understanding of the potential threats posed by the hundreds of thousands of websites which utilize e-commerce plugins, the Checkmarx research lab used CxSAST, Checkmarx’s static code analysis solution, to scan the most used WordPress e-commerce plugins in the weeks leading up to Cyber Monday.

Continue reading this article here

Most Organizations Around the World Are Unprepared to Respond to Cyberattack

17 Nov 2016 | By Bloomberg BNA

Matt Rose, global director of Application Security Strategy at Checkmarx Ltd., an app security testing company, said “the problem is that cyberattacks are not just a technology issue but a process and people issue as well.” In order for security measures to work properly, “people need to know how to use them and what to do to prevent a cyberattack in addition to responding to a cyberattack,” Rose told Bloomberg BNA.

Read the full article here (PDF).

New plugin allows DevOps teams to rapidly embed security into software development lifecycles

17 Nov 2016 | By Dawn Nicholls

NEW YORK: Checkmarx has announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security testing.

Click here for the full article. 

New VS plugin from Checkmarx lets DevOps teams rapidly embed security

16 Nov 2016 | By Christian Hargrave

Checkmarx just announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security testing.

Read the full article on App Developer Magazine

Checkmarx adopted by allPay to reduce software vulnerabilities and increase security

4 Nov 2016 | By Security Buyer

Checkmarx, a global leader in software application security, and allPay, a financial technology enterprise with a third-party payment platform, have announced allPay’s full implementation of Checkmarx solutions to increase its security posture. Checkmarx worked with industry partner Galaxy Software Services Corporation (GSS) to drive adoption of its CxSAST solution across allPay’s suite of product lines.

The full article is available on Security Buyer

The State of U.S. Federal Cybersecurity in 2016

3 Nov 2016 | By Paul Curran

One malicious email can, and has, jeopardized the sensitive data of countless U.S. civilians. How? Federal agencies collect and store some of the most sensitive and top-secret data. This data ranges from top-secret defense IP in the Department of Defense (DOD) to current and former federal employee personal records at the Office of Personnel Management (OPM) and the hypersensitive data found in the Department of Homeland Security (DHS), and, according to the 2016 Federal Information Security Modernization Act produced by the Office of Management and Budget (OMB), many of these agencies need to be doing much more to protect it. For these federal agencies, cybersecurity should play a major role not only in their day-to-day operations but also in their future budgeting, planning, and staff education and training.

2016 has been a big year not only for major breaches targeting federal agencies, but also for some big strides forward in the way America is treating the future of cybersecurity. To get a better understanding of what cybersecurity in the federal government looks like today, from astronomical budgets to NASA hacks, let’s take a look at what’s going on in the field of federal cybersecurity.

Continue reading this article here

Why don’t developers have a ‘spellchecker’ for security?

31 Oct 2016 | By Maria Korolov

Built-in security education

Checkmarx is one of several vendors looking to address that very issue.

"We take source code, and do the analysis on 10 or 100 lines of code, allowing the developers to see the vulnerabilities at a very early stage," said Amit Ashbel, director of product marketing at Checkmarx. "And then we take them to a brief, five to 10 minute session on how to fix the code. We show them how to hack the code, and they can try it in real time. Then they understand what that vulnerability could have exposed their code to."

As a result, the learning is delivered exactly when the developers need it most, he said.

"They don't have to move away from their desk, they don't have to spend too much time sitting in a room and listening to lectures," he said. "I think this is the way to do secure coding education."

Continue reading this article here

Top Culture Changes to Make DevOps a Reality – Part 2

26 Oct 2016 | By Devops Digest

The most important culture change required to embrace DevOps in an organization is to forget about the traditional silo approach. Departments are no longer responsible for their own delivery; rather, everyone is responsible to deliver. While this sounds a bit like staring through rosy glasses, the fact is that the whole idea of DevOps and DevSecOps grew out of the agile movement, which is based on breaking up teams and creating cross-functional groups. Once people understand that they all have the same goal, mistakes are addressed in a positive, blameless manner and issues are addressed in a much healthier and more efficient way.
Amit Ashbel
Cyber Security Evangelist, Checkmarx

The full article is available here

13 IT leaders confess their scary stories and deep, dark fears

25 Oct 2016 | By Nano Serwich

Doomed to repeat mistakes

“In my many years of experience helping some of the largest organizations in the world roll out effective application security programs utilizing SAST, the scariest trend I have seen is that application security takes a back seat to new features being released to the market or a hard release date. Application security is important, but only when it is convenient and does not interfere with business drivers. Companies try to solve the application security problem with products and neglect to define and implement the process associated with those application security products. The fundamental misconception about application security is that it is not just about ‘scanning code’ but rather about remediating real issues and educating developers how not to make the same mistakes over and over again.”

Matt Rose, Global Director Application Security Strategy, Checkmarx

Read the full article on The Enterprisers Project here.

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.