In the News

Checkmarx Acquires Codebashing

25 Jul 2017 | By DevOps Digest

Checkmarx announced the acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.

By shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite-sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.

Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.

 


Israel’s Checkmarx buys security education firm Codebashing

25 Jul 2017 | By Tova Cohen

Israel's Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.

 


SD Times news digest: July 24, 2017

24 Jul 2017 | By Christina Cardoza and Madison Moore

Checkmarx acquires security education provider
Application security testing provider Checkmarx announced the acquisition of Codebashing, an app security education company that delivers game-like app security training for developers. Together, the companies will provide tools to further developer application security knowledge and deliver secure apps.

According to Checkmarx, traditional ways of coding education such as long training courses are not effective. The company hopes to redefine secure coding education with Codebashing by providing hands-on interactive training.

 


Checkmarx snaps up Codebashing to boost secure coding development

24 Jul 2017 | By Charlie Osborne

Checkmarx has acquired Codebashing, an application security training company.

The application security testing firm said on Monday that the deal is expected to improve Checkmarx's training and the education of development teams faced with an evolving and rapidly-changing IT environment, especially in relation to cybersecurity.

 

Continue reading on ZD Net


SQL injection vulnerability found in popular WordPress plugin, again

3 Jul 2017 | By Max Metzger

Nor is it the first time that a vulnerable plugin has provided a route into WordPress. In 2013, Checkmarx released a report showing that 20 percent of WordPress plugins and seven of the top 10 ecommerce plugins were vulnerable to basic web attacks.

If an attacker were to find a list of plugins that a site uses, they could simply run a scan for known vulnerabilities in those plugins. Most recently, researchers found a “severe” SQL injection vulnerability in the gallery management plugin, NextGEN Gallery.

Amit Ashbel, cyber-security evangelist at Checkmarx, told SC Media UK that the popularity of the platform endures in spite of those holes: “Multiple large scale enterprises and SMBs use WordPress because it really does simplify managing and maintaining a web application. The real power of WordPress are its thousands of plugins which are developed by third parties and are there to provide additional functionality.”

Continue reading on SC Media UK


DevOps & Security: Top 4 Myths Debunked

20 Jun 2017 | By Amit Ashbel

In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it is a process that continues to get more streamlined, faster and efficient – and deployments will be that much better if they are also fully secure before release time comes.

DevOps has far surpassed just being a trend, and major tech disrupters like Facebook, Etsy, Netflix, LinkedIn and Twitter, have all jumped on the DevOps adoption train. Even with large companies leading the way, there are still plenty of naysayers who reject the idea of a secure DevOps process. We’re here to debunk some of the most common myths.

 

Continue reading on IT Briefcase


The importance of application security in an increasingly connected world

5 May 2017 | By Amit Ashbel

We're living in a world where technology is increasingly part of our everyday lives. Unfortunately, despite the advantages that all of this new technology offers, it also comes with risk. Although there is research to suggest that developers are becoming more security conscious, applications are still being developed without security in mind.

According to recent research from Ofcom's Tech Tracker, 71 percent of UK adults had a smartphone last year. Meanwhile even though the general feeling among researchers and analysts is that IoT devices will amount to approximately 30 billion by 2020 rather than the earlier predicted 50 billion, 30 billion is still a lot of connected devices. And just looking at the App Store at the beginning of this year, there were 2.2 million downloadable applications. As applications present such a large surface area for potential attacks, it's essential that organisations understand the context of application development and the differences between native and hybrid mobile development.

 

Continue reading on SC Magazine UK


April 2017: The month in hacks and breaches

2 May 2017 | By CSO Staff

More than 500,000 Australian websites went dark on April 13 thanks to a DDoS attack, and the month ended with a hacker stealing an entire unreleased season of Netflix’s Orange Is the New Black show.  Scroll down to see a timeline of all of last month’s hacks and breaches, compiled by application security provider Checkmarx.

 


Microsoft Build Partners

1 May 2017 | By Madison Moore

Checkmarx is an application security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications.  The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security testing.  Amongst the company’s 1,100+ customers are five of the world’s top 10 software vendors, Fortune 500 and government organizations.

 

Read the full article on SD Times


IoT will only ever be as secure as its application code

27 Apr 2017 | By Amit Ashbel

The Internet of Things offers a beautiful, interconnected vision of the future. However, secure code has to underpin all things IoT because just one chink in the armor leaves us all vulnerable.

The pace at which the Internet of Things (IoT) is entering our homes and workplaces is phenomenal. This proliferation brings lots of potential benefits to users but it also presents numerous security risks. There is currently no common IoT platform; instead there are various tech giants competing to own the IoT platform of choice, with securing that platform seeming to be a lesser consideration. The Open Web Application Security Project (OWASP)’s top ten IoT list of vulnerabilities gives recommendations on how to develop IoT applications that will help fight off hacking attempts. In the IoT space, releases are generally quick and often, so OWASP’s top ten is certainly helpful, but it can only have a positive effect if the underlying application code itself is secure.

 
