Checkmarx Team

When it Comes to Vulnerability Triage, Ditch CVSS & Prioritize Exploitability
When it comes to software security, one of the biggest challenges facing developers today is information overload.
2021 Predictions: Digital Transformation & Software Security
As we look to next year, we’ll see an evolution of software security to support cloud native environments, especially as it relates to API authentication and authorization processes.
Closing a Mega M&A Deal During a Global Pandemic is Possible. Here’s How.
As the world continues to battle a global pandemic, major M&A deals shouldn’t be completely off the table. Here’s how you can still close that mega deal.
Code Dx
With Checkmarx and Code Dx, organizations that work with multiple static and dynamic Application Security Testing (AST) tools keep a continuous overview of their test results: Code Dx supports developers with a comprehensive and cost-effective tool suite in detecting, prioritizing and
Rapid7
Rapid7 is one of the leading providers of security data and analytics solutions and helps organizations implement active, data-driven cybersecurity. Building on our many years of experience with security data and analytics and our expertise in attack techniques, we make
CxSAST for Amazon Web Services
Host CxSAST in an AWS environment and benefit from seamless integration into your development lifecycle, with all the advantages of a modern cloud solution. With CxSAST for AWS, you move your static application security testing into a secure, dedicated AWS …
Onapsis
Together with Onapsis, Checkmarx provides a precise and powerful platform for examining your entire codebase, including SAP applications and systems built on ABAP code. With Static Application Security Testing (SAST), organizations reliably secure their code. For the majority of
Checkmarx at the Virtual NTT Summit 2020
Register now! Checkmarx at the Virtual NTT Summit 2020 (digital event, September 9 and 10, 2020). Our partner NTT Data invites you to the virtual NTT Summit 2020 on September 9 and 10, 2020, and Checkmarx will of course be there.
Onapsis
Checkmarx has teamed up with Onapsis to offer the most accurate and powerful platform to scan your entire codebase – including SAP applications and systems built on ABAP code. With applications at the core of any organization, Static Application Security
SecureWorld Dallas – Houston Virtual Conference
SecureWorld conferences provide more content and facilitate more professional connections than any other event in the cybersecurity industry. Join your fellow security professionals for high-quality, affordable training and education. Earn 6 to 16 CPE credits through 30-60 educational elements, learning
SecureWorld Detroit – Toronto – Cincinnati Virtual Conference
SecureWorld conferences provide more content and facilitate more professional connections than any other event in the cybersecurity industry. Join your fellow security professionals for high-quality, affordable training and education. Earn 6 to 16 CPE credits through 30-60 educational elements, learning
SecureWorld Atlanta – Charlotte Virtual Conference
SecureWorld conferences provide more content and facilitate more professional connections than any other event in the cybersecurity industry. Join your fellow security professionals for high-quality, affordable training and education. Earn 6 to 16 CPE credits through 30-60 educational elements, learning
SecureWorld Chicago – Twin Cities – St. Louis Virtual Conference
SecureWorld conferences provide more content and facilitate more professional connections than any other event in the cybersecurity industry. Join your fellow security professionals for high-quality, affordable training and education. Earn 6 to 16 CPE credits through 30-60 educational elements, learning
Getting Ahead of the Application Security Curve e-Summit
Application security continues to be a challenge for both developers and security professionals. While software development has accelerated across industries, studies indicate that a majority of organizations fail to allocate the resources needed to secure both mobile and IoT applications.
VIRTUAL CYBERSECURITY SUMMIT: NEW YORK
Description: ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare. All content will be
ThreadFix Vulnerability Management by Denim Group
Checkmarx has partnered with Denim Group to offer a comprehensive view of your application security testing results, allowing organizations to eliminate software risk from the first stages of the Software Development Life Cycle (SDLC). By pairing Checkmarx CxSAST’s powerful static
Code Dx
Checkmarx and Code Dx have partnered up to offer customers a streamlined way to view the testing results for organizations using multiple static and dynamic Application Security Testing (AST) tools. Code Dx, which provides a robust suite of fast and
Kondukto
Kondukto is a DevSecOps platform that embeds automated security tests in DevOps pipelines using various scanning tools, including Checkmarx CxSAST & CxSCA, and enables management of vulnerabilities discovered by different tools from a single platform. Starting with vulnerabilities discovered by
ZeroNorth
ZeroNorth delivers risk-based vulnerability orchestration across applications and infrastructure. By orchestrating security scanning tools, including Checkmarx CxSAST, throughout the entire software lifecycle, ZeroNorth provides a comprehensive, continuous view of risk and reduces costs associated with managing disparate technologies. ZeroNorth empowers
CircleCI
CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools, CircleCI has unique access to data on how engineering
DeveloperWeek Global Summit June
Virtual Event June 16-17, 2020. This is a global event.
CloudBees Connect Virtual Summit 2020
North America May 19, EMEA May 20th. Join a global online event with our community friends of continuous delivery and DevOps leaders and practitioners along with Jenkins users and innovation-focused developers for an informative and interactive full-day event. Connect with
Arobis
Arobis is an IT consulting company for the Swiss market with well experienced and well skilled consultants for IT security, SAP, IT Infrastructure and software development. As a Checkmarx partner Arobis offers comprehensive security consulting and solution expertise and is
Endpoint Labs
Endpoint-labs privately founded in 2013 is an award-winning pioneer in the next generation of application security solutions, rapidly becoming a widely recognized conspicuous in application security testing, security consultancy and vulnerability research. Our mission is to offer the most comprehensive
AutomotiveIT Congress 2020
AutomotiveIT Congress is one of the most important events for IT topics in the automotive industry and an excellent platform for your business. In view of the fact that around 500 executives and experts from the automotive and IT industries
RISK Conference 2020
RISK 2020 will bring together CIOs, CTOs, bank CSOs, retailers, telcos, government, system integrators, IT consultants and the world’s top Internet security people. We will host internationally renowned and acclaimed speakers, offering first class training.
Bakotech
BAKOTECH is an International group of companies, one of the leaders in focused Value Added IT Distribution, representing solutions of leading IT vendors, providing professional pre-sales, post-sales, marketing and technical support for partners and end-customers. Geographically the Group operates in
AEC
Since it was founded in 1991, AEC has been one of the leading CZ/SK providers of information security products and services. The wide range of services includes penetration tests, security analyses, implementation of security technologies, and other specialized services (e.g.
DevOpsCon Berlin 2020
Checkmarx is proud to be the sponsor of the event DevOpsCon Berlin 2020. At DevOpsCon, you will meet internationally recognized thought leaders of the DevOps movement and benefit from their expertise. Attend inspiring sessions and in-depth workshops to learn
Product Management 4.0 Strategy Day
Annual congress on Product Management 4.0 / networking with 300 like-minded people / reference cases from practice / scientific insights and method briefing
Fintech: Code 2020
fintech:CODE is Europe’s leading annual event focusing on the major challenges and best-in-class solutions that banks, asset management firms and insurance companies are experiencing when adopting and scaling DevOps at an enterprise level. During its 4th edition, 100+ DevOps strategists and practitioners,
Rethink IT Security
The rethink! IT Security is the strategy event for CISOs & IT security decision-makers to interactively discuss current projects, the latest developments, innovative technologies and trends in the field of cyber security, critical infrastructures, IT risk management & IT security
AEC Conference Security 2020
At AEC conference, “Security”, there is no place for marketing or business pre-sales presentations. The main goal of this event is to have a professional level of individual lectures and maximum benefit for the participants. AEC strongly emphasize the practical
4th CISO 360 Congress
From 2-4 December 2020, CISO leaders from around the world united in this trusted space to benchmark progress and challenges on cybersecurity priorities in the wonderful city of Madrid for the 4th CISO 360 Congress. The programme was designed to
ITWeb Security Summit Cape Town 2020
Join the 3rd Annual ITWeb Security Summit Cape Town 2020 and showcase your products and solutions to an audience of information and cybersecurity professionals in the Western Cape.
ITWeb Security Summit Johannesburg 2020
Join the 15th Annual ITWeb Security Summit 2020 and showcase your products and solutions to the largest audience of information and cybersecurity professionals in South Africa.
ItaliaSec IT Security Conference 2020
The ItaliaSec conference is Italy’s leading IT security platform, dedicated to senior cyber security professionals from the Retail, FMCG, Banking & Finance, Automotive, Utilities, Food & Beverage industries. Returning for its 4th year, the ItaliaSec agenda is designed to facilitate
OWASP Global AppSec Dublin 2021
Welcome to Global AppSec Dublin 2021 presented by the OWASP Foundation. Formerly known as AppSec EU, the Global AppSec Conference is the premier application security conference for developers and security experts. Designed for private and public sector infosec professionals, the
ASM Technologies
ASM Technologies delivers agile technology distribution across the IT channel. We concentrate on tier 2 and tier 3 brands often ignored by broad line distribution. We are the market leader in providing IT and technology based supplier rationalisation, building on
InfoSecurity Belgium 2020
Do you want to know everything about the latest digital developments, innovations and trends in IT? Visit Infosecurity.be, Data & Cloud Expo on September 9-10 2020! Checkmarx Booth: C114

Checkmarx Research: SoundCloud API Security Advisory
Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection of music from
Celaes Cybersecurity Miami 2020
June 29-30 2020. Now in its 35th year, CELAES is the leading information security conference focused on the financial services industry. Attracting hundreds of thought-leaders, innovators and executives from around the globe every year, CELAES is a must-attend event for
RSA Conference 2020
RSA Conference 2020 takes place February 24 – 28 in San Francisco! Be part of a conversation that has the power to change the world. Join top cybersecurity leaders and a dedicated community of peers as we exchange the biggest,
Infosecurity Europe 2020
Infosecurity Europe (Infosec) is the region’s number one information security event featuring Europe’s largest and most comprehensive conference programme and over 400 exhibitors showcasing the most relevant information security solutions and products to over 15,000 information security professionals. Join us
Gartner Data & Analytics Summit Brazil 2020
Gartner Data & Analytics Summit 2020 is the must-attend conference for data and analytics leaders. Join in May to gain the skills to rewire your culture for an AI-augmented future: Understand how to deliver actionable insights through the art and
Les Assises 2020
The 20th edition of Les Assises de la Sécurité in Monaco is coming! Let’s create this unique event live in France. Conferences, one-to-one, round tables, workshops, networking moments … By their content… See you now for the next edition which
CyberTech 2020 Israel
Serving as a global dialogue on threats and solutions affecting the global community, the Cybertech conference offers a chance for participants to learn about the most innovative approaches to cyber by some of the most prominent experts from the industry.
CyberWeek 2021 Israel
Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity.
CISO Africa 2020
CISO Africa 2020 delves into why IT and data security has greater value than merely a defensive mechanism. Designed as a peer-led conference for information security, fraud and risk professionals, the CISO Africa 2020 conference will showcase pragmatic case studies
Atlantica
Atlantica is a System Integrator that has been operating for over 30 years, in Italy and abroad, in the Telco, Industry, Defense, Transport, Utilities and Public Administration areas, relying on a solid technological base to meet the needs of a
KMH Corp
Krav Maga Hacking is a global boutique consulting firm specializing in cybersecurity. It offers strategic consulting, risk analysis and regulatory compliance along with Business Continuity and Disaster Recovery consultancies. It offers ethical hacking services, Static Application Security Testing (SAST), Dynamic
Juno Media GmbH
Juno Media is a specialist for IT consulting, software development and software quality assurance, which provides services in all of German-speaking Switzerland and in neighboring countries from Zurich. The experienced consultants at Juno Media achieve excellent results through their deep
SwissConomy AG
SwissConomy AG was founded in 2006 with the clear goal to be among the best, highly specialized IT Consulting & Service companies. Our aim is to generate sustainable added value for our customers. SwissConomy employs around 20 highly educated,
Performetriks
Performetriks is a performance engineering and application security service provider with offices in North America, Europe and Asia. One of our main tasks is ensuring that applications are operating fast and secure. Our key competence is in speeding up and
RNS Technology Services
RNS Technology Services is an information security consulting and future generation technology company. We support enterprises to thrive and transform in this ever-changing world through strategic consulting on Information Security, Advanced Endpoint Security, Network Security, Data Governance, SIEM with Incident
Inflow Technologies
Founded in 2005 and headquartered in Bangalore, Inflow Technologies is a niche player in the IT Distribution Services market in India / South Asia. Inflow Technologies addresses the growing needs of organizations to manage and secure information more effectively and
U.S. Air Force Directorate Selects Checkmarx to Enable Software Cyber Resiliency
Checkmarx Software Security Platform will harden USAF DevSecOps CI/CD pipeline and applications, and accelerate software delivery timelines NEW YORK – November 18, 2019 – Checkmarx, a global leader in software security solutions for DevOps, today announced that it has been
Neusol
Neusol is a multinational Solution Integrator specializing in BUILDING, OPERATING and SECURING your investments on your IT infrastructure. We assist our client to BUILD Strategies, Applications, Portals, etc. We address operational challenges by providing solutions to OPERATE. We SECURE by
Nordic IT Security Summit
Checkmarx Talk – Matt Rose and Michael Man of HSBC “Security in a DevOps Universe” 09:30 AM Track 3
Transformational CISO Assembly
Join Checkmarx at The Millennium Alliance Transformational CISO Assembly in Nashville, TN, November 19th & 20th, 2019. With the instances of cyber attacks increasing, businesses of all sizes are working tirelessly to secure their networks, devices, and data. Fortune 500
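Checkmarx Achieves AWS Security Competency
Checkmarx Achieves AWS Security Competency. RAMAT GAN, Israel – October 2, 2019 – Checkmarx, a global leader in software security solutions for DevOps, today announced that it has achieved Amazon Web Services (AWS) Security Competency status for its market-leading software security platform. This means Checkmarx has demonstrated proven technology and deep expertise in helping organizations achieve their application security testing (AST) goals on AWS. Checkmarx is the first AST software vendor to receive this designation. Having achieved AWS Security Competency status, Checkmarx has become an AWS Partner Network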
Checkmarx Achieves AWS Security Competency Status
Checkmarx Software Security Platform available as a managed service on Amazon Web Services, in addition to on-premises and hybrid cloud environments RAMAT GAN, ISRAEL – October 2, 2019 – Checkmarx, a global leader in software security solutions for DevOps, today
Secon Cyber
Established in 1999, Secon Cyber has long-standing experience of delivering class-leading cyber security solutions to customers ranging from small to large enterprises. Secon Cyber’s expertise lies in their deep understanding of the cyber security market and ability to provide fit
The U.S. Navy’s NIWC Pacific Selects Checkmarx to Accelerate Application Development, Bolstering Nation’s Security Posture Against Adversaries
Strategic partnership will speed up the process of making new naval applications available from 24 months to 24 hours, while strengthening software security within C2C24 program NEW YORK – August 19, 2019 – Checkmarx, the global leader in software security
Checkmarx Named ‘Black Unicorn’ Award Winner for Establishing Market Leadership and Vision in Software Security
Leading software security company continues strong momentum with 60% YoY revenue growth in 1H 2019; industry luminaries predict Checkmarx will be among next ‘cyber unicorns’ RAMAT GAN, ISRAEL and LAS VEGAS – Black Hat USA 2019 – Booth 1030 –
Beijing Jelentsin Solutions Co., Ltd
Beijing Jelentsin Solutions Co., Ltd is an innovation and high-tech company with National High-tech Enterprise Certification. BTS has a long-standing commitment to provide premier cyber security products and solutions. BTS was committed to furthering the field of security code review
BlackHat US 2019
Now in its 22nd year, Black Hat USA is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by
Checkmarx Named a June 2019 Gartner Peer Insights Customers’ Choice for Application Security Testing
RAMAT GAN, ISRAEL – June 28, 2019 – Checkmarx, the Software Exposure Platform for the enterprise, has been named a June 2019 Gartner Peer Insights Customers’ Choice for Application Security Testing (AST). In the past twelve months alone, the company
Infosec
Info Security Consultant Co., Ltd. was established in 2002 in response to the growing demand for IT security professional services. INFOSEC is a 100% Thai-owned company. INFOSEC is a local distributor of IT security solutions. We provide IT security
Clearvision
Clearvision are an Atlassian Platinum Solution Partner with 20+ years experience helping teams find a software testing tool suitable for their teams and assisting in the completion of their SDLC. They provide support, hosting, training and consultancy solutions to Atlassian
Checkmarx Makes SCA Market Waves with Enhanced Open Source Security Offering
LONDON – Infosecurity Europe – Booth C100 – June 4, 2019 — Checkmarx, the Software Exposure Platform for the enterprise, has deepened its stake in the software composition analysis (SCA) market with a new homegrown engine for its CxOSA solution. Designed by
Advantio
Advantio is a cyber resilience expert trusted globally for delivering best of breed, world class cyber security services, on time and on budget. A recognized influencer and thought leader within the Payment Card Industry (PCI SSC GEAR Member), Advantio’s portfolio
Gartner Security & Risk Management Summit
Make sure you have the latest insights on fast-moving IT trends such as the Internet of Things (IoT) and artificial intelligence (AI), evolving security technologies and the ever-changing threat landscape. At Gartner Security & Risk Management Summit 2019, you’ll find
2nd Annual Indonesia Security Summit
The 2nd Annual Indonesia Security Summit will bring together 400+ pre-qualified CISOs, CIOs, CTOs, CEOs, senior information security, risk, forensics, compliance, cyber law and law enforcement professionals on the 3rd & 4th of September 2019 in Jakarta. This exclusive summit
Project Hosts Deploys Checkmarx Solutions on FedRAMP.gov
NEW YORK AND CONNEAUTVILLE, PA – May 16, 2019 – Checkmarx, the Software Exposure Platform for the enterprise, has deployed CxSAST on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS). This deployment facilitates Federal agencies to grant a FedRAMP
Teleion
Teleion is a system integrator operating on the Italian territory since late 80’s. Its strength is a team of senior professionals who help the customers to manage their business, offering software tools and methodologies finalized to optimize performance, mitigate risks,
Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing
RAMAT GAN, Israel – April 23, 2019 – Checkmarx, the Software Exposure Platform for the enterprise, today announced that it was named a Leader in Gartner’s 2019 analyst report, Magic Quadrant for Application Security Testing for the second consecutive year.
Security & Quality Software GmbH
Security & Quality Software GmbH is a privately held company with customers in all market segments who develop software themselves or rely on a software supply chain. We find security shortcomings and implement tools, processes, solutions and services to incorporate

Android WebView: Are Secure Coding Practices Being Followed?
WebViews are very common in Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how security best practices in

(More) Common Security Mistakes when Developing Swift Apps – Part II
In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read it, please take a few minutes to review

The History of JavaScript [INFOGRAPHIC]
Brendan Eich, a Netscape Communications Corporation programmer, created JavaScript in September 1995. It took Eich only 10 days to develop the scripting language, then known as Mocha. Let’s step back to look at this complex JavaScript history. Why Put the Java

Common Security Mistakes when Developing Swift Applications – Part I
Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many others at Apple Inc., Swift is

What’s in Your Website? Lurking Risk from Third-party Resources
Address Risk from Third-party Resources with Subresource Integrity (SRI) In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, third-party resources provide important functional or business value.

How Secure Are the Browser Extensions You Create?
Extensions have become a must-have on every user’s browser. Since most users are not aware of the power of browser extensions, the responsibility for creating secure browser extensions belongs to you, the developer. Browser vendors also share some responsibility, and

Why Security and DevOps Desperately Need Couples Counseling
While at the 2018 Black Hat Conference in Las Vegas I asked attendees point blank if they think that security and DevOps should be in couples counseling. The universal response was a laugh and then a resounding, “Yes.” The reason couples

20 Ways to Make Application Security Move at the Speed of DevOps
Security has been getting a bad rap. For far too long the perceived “inhibitors” have been sidestepped by DevOps in an effort to increase productivity. As Ryan Davidsen, vp, worldwide security solutions, Secureworks, noted, “Traditional approaches for integrating security oversight …
ITweb Cape Town
The ITWeb Security Summit, now in its 13th year, will address the challenges associated with the ever-changing threat landscape. Mikko Hypponen, chief research officer at F-Secure and cyber security luminary, will open the summit, joined by over 70 infosec professionals,
ITweb Johannesburg
The ITWeb Security Summit, now in its 13th year, will address the challenges associated with the ever-changing threat landscape. Mikko Hypponen, chief research officer at F-Secure and cyber security luminary, will open the summit, joined by over 70 infosec professionals,
DevSecCon Tel Aviv 2018
DevSecCon is coming to Tel Aviv for the first time, to bring together DevOps and Security in a unique conference run by practitioners, for practitioners. Join us for a day filled with inspiring talks and interactive workshops about DevSecOps ‘
Hancom Intelligence
Hancom Intelligence Inc. [KOSDAQ : MDS Technology Co],Hancom MDS Inc., the leader in embedded solutions in Korea, has been focusing on the embedded solutions industry for more than 20 years, having served over 1,500 clients, including Samsung, LG, Hyundai, and
Checkmarx is Named a Leader in the Gartner 2018 Magic Quadrant for Application Security Testing
RAMAT GAN, Israel–(BUSINESS WIRE)–Checkmarx, today announced that it has been named a Leader in Gartner’s 2018 Magic Quadrant for Application Security Testing. Checkmarx’s Application Security Testing platform includes CxCodebashing (Secure Coding Education), CxSAST (Static Application Security Testing), CxOSA (Open Source Analysis),
Checkmarx Names Bernd Leger Chief Marketing Officer
NEW YORK & RAMAT GAN, Israel–(BUSINESS WIRE)–Checkmarx, a global leader in application security testing, today announced that it has appointed Bernd Leger as Chief Marketing Officer. Leger has been an innovator in marketing helping fast-growing global companies scale for more
Checkmarx Announces Strong Momentum in 2017, Fueled by Revenue and Customer Growth
Application security testing leader saw a 70 percent year-over-year sales growth and added 350 new customers RAMAT GAN, Israel–(BUSINESS WIRE)–Checkmarx, a global leader in application security testing, today announced that it closed 2017 with more than 70 percent year-over-year sales
Tinder Vulnerability Lets Strangers See Your Photos & Matches
Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected
2018 DevOps Predictions
In 2018 one major change we will see as it relates to Application Security (AppSec) is that there will be a reduction of organizations running their own dynamic application security testing (DAST). Many organizations will begin to leverage interactive application
Why mobile game developers need to say “Game Over” to the man-in-the-middle
With a whopping 2.2 billion smartphone users worldwide, it is no surprise that mobile games make up 42 percent of the gaming market equating to $46.1 billion in revenue. What is surprising is that most of the mobile games, including
Predictions 2018: How DevOps, AI Will Impact Security
Amit Ashbel, Director of Product Marketing and Cyber Security Evangelist, Checkmarx: Here’s what’s next for DevOps. “DevOps is still maturing, and while many organizations are shifting to DevOps, many are still in the process and not there yet. That said, the DevOps movement
Checkmarx is the Number One Fastest Growing Cybersecurity Company in Israel Five Years in a Row
November 30, 2017 NEW YORK–(BUSINESS WIRE)–Checkmarx, a global leader in Application Security Testing, has been selected for the fifth year in a row as one of Israel’s fastest growing companies in Deloitte’s Fast 50 2017 awards program. Recognized for sustained
Infosec expert viewpoint: DevOps security
In talking to companies all over the U.S, it is almost unanimous that DevOps is here to stay. DevOps modernizes the software development life cycle and deployment to account for the way businesses are run. I would say 90-95% of
Share the Cost of Secure Application Development
The cost of protecting applications from cyberattacks is climbing fast. So, it’s time for business units to help cover the price tag. The 2017 Ponemon Institute study reaffirms that while this year has seen more hacks and breaches than 2016, organizations are actually
The Best Way for Dev and Ops to Collaborate
The DevOps culture removes the barriers between departments, and especially among those most deeply involved in DevOps; that is, the operations teams and developers. Historically, there has been a culture of inefficiency and miscommunication between developers and operations teams. This
Checkmarx Announces Partnership with Leading IT Provider TeraMach, a Pivot Company
NEW YORK–(BUSINESS WIRE)–Checkmarx, a global leader in Application Security Testing, today announced a partnership with TeraMach, a Pivot company and full-service information technology provider. TeraMach will be able to offer enterprise customers Checkmarx’s leading application security solutions to protect critical and sensitive
How Checkmarx Is Helping Developers Improve Mobile Security Skills
Checkmarx has launched new mobile security courses for developers. The interactive courses include secure coding for Android Java, Android Kotlin, iOS Objective C, and iOS Swift. There are 9 free courses which can be found here. For each of the languages, there are
Checkmarx 2018 Predictions: DevOps is Here to Stay
One of the biggest areas for application security in 2018 is how it fits within a true DevOps environment. In my discussions with some of the largest organizations in the world there seems to be one common theme, and that is
Checkmarx Expands CxCodebashing Developer Application Security Training With New Interactive Mobile Security Courses
SAN FRANCISCO–(BUSINESS WIRE)–Checkmarx, a global leader in application security testing solutions, today announced it is launching new mobile security courses for developers. The interactive courses include secure coding for Android Java, Android Kotlin, iOS Objective C and iOS Swift. The importance
Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses
The importance of integrating security tests in the software development life cycle is commonly discussed and widely agreed upon, yet getting developers to write secure code to begin with is known to be a challenge. According to the SANS 2016 State
ShiftLeft’s new cybersecurity platform customizes itself for every workload
Thanks to sophisticated development tools and practices that have emerged in recent years, application teams are producing code faster than ever. The downside is that the shorter release cycles become, the less time is left to check for potential security flaws.
Mobile data theft a risk from shared app libraries
Matthew Rose, global director of application security strategy at Checkmarx, an application security software vendor headquartered in Israel, said there were a number of ways a shared library might be infected by a malicious actor. “Typically third-party libraries are maintained
Alert: Avoid These Security Cameras Like the Plague
The Loftek CXS-2200 and VStarcam C7837WIP, which look nearly identical, contained more than a dozen vulnerabilities between them, many of which would let an attacker take over the camera from the internet. “The vulnerabilities just kept on coming,” the report
Two IP-enabled cameras full of flaws
Checkmarx researchers said a pair of IP-enabled security cameras have nearly two dozen flaws that would make them vulnerable to attack. Loftek DSS-2200 and VStarcam C7837WIP, manufactured in China and aimed at the consumer market, also can be pressed into
Two Popular IP Cameras Riddled With Vulnerabilities
Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStarcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models
Remotely Exploitable Flaws Found in Popular IP Cameras
Checkmarx researchers have analyzed a couple of IP cameras from Loftek and VStarcam and discovered several new vulnerabilities and variations of previously found flaws. In Loftek’s CXS 2200 camera, experts discovered cross-site request forgery (CSRF) flaws that can be exploited
Checkmarx: Proactive Threat Protection
Today’s cyber landscape leaves no room for mistakes when it comes to the security of software and applications. Enterprises are well aware of the harsh consequences of a cyberattack. Moreover, with end users expecting software vendors to deliver cutting edge
Playing Games To Learn Code, Checkmarx Acquires Codebashing
Application security testing company Checkmarx has now acquired the somewhat aggressively named Codebashing, a company that specializes in game-like application security education and training for software application developers.
Checkmarx acquired Codebashing
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers. Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the
Checkmarx Acquires Codebashing to Redefine Secure Coding Education
Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster. Checkmarx, a global leader in application security testing solutions, today announced its acquisition of Codebashing, a leading application security education company that
Checkmarx Acquires Codebashing
Checkmarx announced the acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers. By shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite sized secure
Israel’s Checkmarx buys security education firm Codebashing
Israel’s Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.
SD Times news digest: July 24, 2017
Checkmarx acquires security education provider: Application security testing provider Checkmarx announced the acquisition of Codebashing, an app security education company that delivers game-like app security training for developers. Together, the companies will provide tools to further developer application security
Checkmarx snaps up Codebashing to boost secure coding development
Checkmarx has acquired Codebashing, an application security training company. The application security testing firm said on Monday that the deal is expected to improve Checkmarx’s training and the education of development teams faced with an evolving and rapidly-changing IT environment, especially
SQL injection vulnerability found in popular WordPress plugin, again
Nor is it the first time that a vulnerable plugin has provided a route into WordPress. In 2013, Checkmarx released a report showing that 20 percent of WordPress plugins and seven of the top 10 ecommerce plugins were vulnerable to basic web
DevOps & Security: Top 4 Myths Debunked
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it is a process that continues to get more streamlined, faster
The importance of application security in an increasingly connected world
We’re living in a world where technology is increasingly part of our everyday lives. Unfortunately, despite the advantages that all of this new technology offers, it also comes with risk. Although there is research to suggest that developers are becoming
April 2017: The month in hacks and breaches
More than 500,000 Australian websites went dark on April 13 thanks to a DDoS attack, and the month ended with a hacker stealing an entire unreleased season of Netflix’s Orange Is the New Black show. Scroll down to see a
Microsoft Build Partners
Checkmarx is an application security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations
IoT will only ever be as secure as its application code
The Internet of Things offers a beautiful, interconnected vision of the future. However, secure code has to underpin all things IoT because just one chink in the armor leaves us all vulnerable. The pace at which the Internet of Things
6 Ways to Be Your CISO’s Security Team MVP
Security maturity, as cliché as it sounds, is a journey – not a destination. Security isn’t something that can ever be considered “done” because there will always be new technologies, business objectives or processes to secure and align with. The
German, Israeli companies to cooperate on cybersecurity
The Cyber-Security Council Germany said on Wednesday it opened its first international chapter with security firm Checkmarx in Israel, establishing a bridge between German and Israeli cybersecurity communities. “Cyber threats are not bound to national borders, so that transnational cooperation
Essential Steps to Become Agile – Part 3
In my opinion, shifting to Agile is easier than what some organizations may think. Overall, making deliveries smaller is key for a successful Agile workflow, it’s easier to steer a small boat and fix its course than changing a huge
Leading global bank implements Checkmarx Source Code Analysis to strengthen security
Checkmarx has announced that a leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This means that four of the largest American
Source code analysis strengthens bank’s security
A leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This means that four of the largest American banks have adopted Checkmarx
Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security
Checkmarx announced that a leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This means that four of the largest American banks
March 2017: The month in hacks and breaches
March came in like a lion with news breaking on March 6 that spamming operation River City Media exposed 1.34 billion email accounts, some of which included personal information including full names and addresses. How did this happen? The company
Free learning resources and tools for security savvy developers
Developers will never be responsible for all of security in an organization, but if they keep up with best practices, resources, and find new ways to secure and deliver good code, they could play a key role in developing resilient
Leading Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security
Checkmarx, a global leader in application security testing, today announced that a leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This
Security resolutions and trends companies need to consider this year
From LinkedIn to Yahoo, companies fell into the hands of hackers and identity thieves in 2016. Each year, companies seem to make the same security resolutions, only to face roadblocks like skill shortages, time constraints and budget issues, which prevent
THE EU GDPR: what does it mean for application security?
With four out of every five businesses using 10 or more business applications, securing those applications should be paramount in the run up to March 2018. There continues to be a certain malaise among many organisations about getting ready for the
February 2017: The month in hacks and breaches
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be
Guest View: Cybersecurity education isn’t a game. Or is it?
Security, specifically application security, has become a huge challenge for IT companies worldwide. Actually, most companies in any vertical nowadays have some sort of IT platform they maintain. An increasing number of exploits, causing widespread financial and technical damage, are
Checkmarx announces Open Beta for Scala Programming Language Vulnerability Detection
New York: Checkmarx has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code. Checkmarx is the first static
A Modern Day Love Story: Security and DevOps
It’s a tale as old as time, the last person you ever thought you would love becomes the one person you can’t live without. Enter – software security and developer teams, did you see that one coming? While these teams
Executive Viewpoint 2017 Prediction: Checkmarx – Spotting Software Trends and Beyond
Software is now embedded in every aspect of modern day business, making it critical for organizations to understand how the industry is evolving and where it’s headed. The internet, with the addition of software, has changed the way people and
January 2017: The month in hacks and breaches
Then, on January 19th, internet account passwords for 14 Trump appointees, including Rudy Giuliani and Michael Flynn, were leaked online, the result of “mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016,” according to a report
J is for Java Script
J is for JavaScript. JavaScript is a core component of and present in almost every element of the web browsing experience. Because of the prolific nature of JavaScript on the web, any JavaScript vulnerabilities that are identified are valuable to
Checkmarx opens beta support for Scala programming language
Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code.
Trump, Twitter and Hackers? Don’t Just Use Passwords
“A Twitter account probably has no financial value by itself but depending on the account owner, it could be used to spread false information and create wrong impressions,” Amit Ashbel, director of product marketing and cyber security evangelist at application
Report: malicious ‘fake’ news links used to socially engineer
Amit Ashbel, cyber-security evangelist at Checkmarx told SC: “I think that it’s not exactly the fake news that create these excellent lure tactics but rather the targeted news.” “Modern social engineering campaigns are based on research. Hackers build a persona
AdCare
AdCare LTD was formed in 2007 as a technology company specializing in Outsourced Managed Technology Services – the practice of outsourcing day-to-day management responsibilities and functions as a strategic method for improving operations and cutting expenses. This covers Managed IT Service platforms – computing frameworks used
Shift Left – how to improve security in your developers’ code – do it earlier
There was a pretty simple premise behind last week’s Shift Left conference, organised by Checkmarx at the Bulgari hotel in Knightsbridge. If you look at the software development cycle, it typically starts with the setting of requirements, design, build, test,
Cert2Connect
Cert2Connect provides solutions and professional services in the field of information security and risk management, Cyber Security, Cloud Computing and Mobile platforms. https://www.cert2connect.com/eng
Checkmarx appoints Shmuel Arvatz as Chief Financial Officer
NEW YORK: Checkmarx has announced Shmuel Arvatz as the company’s new chief financial officer (CFO). In this role, Mr. Arvatz will report to Checkmarx CEO Emmanuel Benzaquen, and will have global responsibility for leading the company’s financial operations, as well
ethnosIT
EthnosIT offers IT security appliances and support that ensures organization’s critical information assets like sensitive data and IT infrastructure are better protected against attacks. The company also provides clients with the needed leverage to satisfy and comply with the global
Evox Computing
Evox Computing is a security professional services company dedicated to providing information security related consulting and services which cover the entire lifecycle of your ISMS strategy. Evox Computing is specializing in enterprise security architectures, software verification services and networking. Our
Predicting a soft future for the security world in 2020
Paul Curran, Content Specialist for Checkmarx looks at several major trends to provide insight on what the software security world will look like in 2020. Society, having moved from an industrial age to the birth of the internet is now
GSS
Galaxy Software Services Corporation (GSS), one of the leading business application software and consulting service providers in Taiwan, specializes in system integration of business applications, business-specific software development and business process and technical consulting services… https://www.gss.com.tw/checkmarx
IndigoCube
IndigoCube focuses particularly on the areas of Agile, DevOps, Cyber Security and Application Development. We combine our expertise through training, consulting and coaching for the digital world. At IndigoCube we tap into our in-depth experience and expertise in software delivery to
Magix Security
Magix Security delivers comprehensive and trusted Cybercrime Defense and Detection services to address, manage, and contain the risks and potential damage posed through the misuse of applications, or other IT information assets, by employees and/or third parties. https://www.magix.co.za/
Greatest Hits Of 2016: Readers’ Picks For The Years’ Best Commentary
The hacking thriller Mr. Robot may have been snubbed by the 2017 Golden Globe Award nominating committee this month, but security researcher Sarah Vonnegut’s blog – 5 ‘Mr. Robot’ Hacks That Could Happen in Real Life – about the award-winning season
Should CIOs Be Certified to Practice Data?
Asaph Schulman, vice president, marketing, for Checkmarx, an application security firm, says “the threat landscape is constantly evolving and in an era where every department of every company seems to be developing software, it is difficult to manage what one
The role of testing in securing applications
Adopting a DevOps culture is increasingly discussed, with an HP Enterprise report recently claiming that 99 per cent of operations professionals agree that it can improve application security. Unfortunately, the report also highlighted that only 20 per cent
Ashley Madison forced to pay for deceptive security practices
Amit Ashbel, cyber-security evangelist at Checkmarx told SC Media UK, “on a day that Yahoo admits that one billion account credentials have been stolen. The fine that Ashley Madison got seems like peanuts.” “I think it’s important to enforce cyber-security
Checkmarx 2017 Predictions: Predicting a Soft Future
Society, having moved from an industrial age to the birth of the internet is now truly an era where software has become the most critical aspect of our modern world. In earlier times, manufactured products left the factory with just
2017 DevOps Predictions – Part 2
In my opinion the biggest trend in software development for 2017 will be the continued shift to agile-based software development methodologies. Our current social media-driven society is pushing organizations to release new feature-filled web and mobile applications
Secodis
“Secodis is an application security consulting company and solution provider based in Hamburg, Germany. Our main focus is to help our customers with integrating application security into their software development and quality assurance processes.” https://www.secodis.com/?lang=en
Predicting a Soft Future
Paul Curran, Content Specialist, Checkmarx looks at several major trends to provide insight on what the software security world will look like in 2020. Society, having moved from an industrial age to the birth of the internet is now truly
November 2016: The month in hacks and breaches
For a timeline of other notable hacks and breaches from last month, see the following infographic from application security provider Checkmarx.
Report: Mirai ‘is just the tip of the iceberg’
Amit Ashbel, cyber-security evangelist at Checkmarx told SC that Mirai throws the security of the IoT into sharp relief: “Security experts have brought up the concern of IoT vendors neglecting security more than once over the past years and
Paul Curran, Content Specialist for Checkmarx, looks at the major security trends which will affect the software security moving forward
Society, having moved from an industrial age to the birth of the internet is now truly an era where software has become the most critical aspect of our modern world. In earlier times, manufactured products left the factory with just
Soflab Technology
Soflab Technology is the market leader in testing and quality assurance of ICT solutions. By offering top-quality services, we support our clients in ensuring the reliability of implemented software and maintaining business continuity. We provide accurate reports on the quality
Android app security tested by malware and vulnerabilities
Matt Rose, global director of application security strategy at Checkmarx, said he was wary about Zimperium releasing the exploit code. “The reasoning here is that it is a real issue and consciously being ignored then by the vendor and releasing
WiniGroup
A value-added international security solutions provider, WiniGroup delivers IT security, risk management, business process optimization, physical security and training services across Africa. Headquartered in Nigeria, the company’s unique mission is to make Africa a more secure region in today’s information
Wizlynx Group
Wizlynx group is a Swiss-based IT Services company. Over more than 2 decades, wizlynx has not only built a solid foundation of information security, quality and project management know-how, but our associates are known for their ability to apply the right
WordPress Plugins could leave Online shoppers and businesses vulnerable on cyber Monday
As American shoppers gear up for the biggest shopping weekend of the year – the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday – more and more shoppers are preparing to do their purchasing online from the comfort
Most Organizations Around the World Are Unprepared to Respond to Cyberattack
Matt Rose, global director of Application Security Strategy at Checkmarx Ltd., an app security testing company, said ‘‘the problem is that cyberattacks are not just a technology issue but a process and people issue as well.’’ In order for security
New plugin allows DevOps teams to rapidly embed security into software development lifecycles
NEW YORK: Checkmarx has announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development
New VS plugin from Checkmarx lets DevOps teams to rapidly embed security
Checkmarx just announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the
Checkmarx adopted by allPay to reduce software vulnerabilities and increase security
Checkmarx, a global leader in software application security, and allPay, a financial technology enterprise with a third-party payment platform, have announced allPay’s full implementation of Checkmarx solutions to increase its security posture. Checkmarx worked with industry partner, Galaxy Software Services Corporation (GSS),
The State of U.S. Federal Cybersecurity in 2016
One malicious email can, and has, jeopardized the sensitive data of countless U.S. civilians. How? Federal agencies collect and store some of the most sensitive and top secret data. This data ranges from top secret defense IP’s in the Department
Why don’t developers have a ‘spellchecker’ for security’?
Built-in security education Checkmarx is one of several vendors looking to address that very issue. “We take source code, and do the analysis on 10 or 100 lines of code, allowing the developers to see the vulnerabilities at a very
Top Culture Changes to Make DevOps a Reality – Part 2
The most important culture change required to embrace DevOps in an organization is to forget about the traditional silo approach. Departments are no more responsible for their own delivery but rather everyone is responsible to deliver. While this sounds a
13 IT leaders confess their scary stories and deep, dark fears
Doomed to repeat mistakes “In my many years of experience helping some of the largest organizations in the world roll out effective application security programs utilizing SAST the scariest trend I have seen is that application security takes a back
The state of testing within application security
Testing is an integral part of application security (AppSec) but according to the recent SANS State of Application Security report recently commissioned by Checkmarx, how organisations test is very diverse. The report identifies how organisations test, who is responsible for testing,
Top Factors That Impact Application Performance 2016 – Part 4
APP DESIGN: SECURITY I think application performance is a huge subject but with what the world of software is going through today a lot has to do with security. I believe that the ability to deliver applications which have been
7 ways DevOps benefits CISOs and their security programs
DevOps can be beneficial Organizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it
Yahoo to be sued over mega breach
Yahoo will be sued over the mega breach that was revealed last week. A resident of New York, Ronald Schwartz, filed the suit on Friday in a California court represented by law firms Robbins Geller Rudman as well as Dowd
Securing code to fight cyber crime
Amit Ashbel, Cyber Security Evangelist, Checkmarx, explains why automated application security testing is the first step in combating cyber crime. The world is moving at an incredible pace. New technologies are regularly announced and whole ecosystems developed around them; such
Checkmarx Announces AppSec Coach
Checkmarx announced availability of a new secure coding eLearning platform, called AppSec Coach, providing Checkmarx customers the ability to address one of the greatest challenges in the software industry when it comes to application security: finding an effective way to
Checkmarx wants to help developers write more secure code
An organization’s security isn’t the responsibility of its IT department alone. Development teams need to be vigilant too and take measures to rid their software of vulnerabilities, a requirement that Checkmarx Ltd. wants to help address with the new training
New products of the week 9.19.16
AppSec Coach Key features: AppSec Coach provides an education platform to train developers the principles of application security and secure coding. Unlike other solutions, the AppSec Coach is used in the context of the developer’s work, when it is needed
Promoting secure code from within: the gamification approach
By exposing developers to security as part of the coding process, they can learn more about creating secure code and so reduce the time needed for testing. Recent research claims that a quarter of third party apps are high risk
New products of the week 9.12.16
CxSAST, Swift Programming Language Support Key features: New Swift language support, provides Checkmarx CxSAST users with the ability to identify, and mitigate security, quality and compliance issues in their Swift code.
Corbyn announces digital ‘bill of rights’
Jeremy Corbyn intends to introduce a digital ‘bill of rights’ in the UK. The leader of the Labour party presented his intentions in Shoreditch as he unveiled the ‘digital democracy manifesto’, setting out proposed guarantees for citizens in the online
Info Security Europe 2016
Infosecurity Europe is the founding brand of Infosecurity Group – a business unit of Reed Exhibitions UK Ltd. It is Europe’s number one information security event, featuring the largest and most comprehensive education programme, and over 315 exhibitors showcasing the
LIFARS Wine Tasting & CISO Event
The event will take place on April 28 at 5:30 PM. Venue: NoMo SoHo Hotel, 9 Crosby Street, New York. Panel Discussion: Reactionary CISO: A Ticking Time Bomb. Panel led by Leo Taddeo, Former Special Agent in Charge of the Special Operations/Cyber
Secure360 Twin Cities
UMSA is proud to present Secure 360 Twin Cities, the original Secure 360 Conference, now in its 11th year! Secure 360 Twin Cities will be held: May 17-18, 2016
SecureWorld Philadelphia
SecureWorld continues to be THE must attend conference in the New England area. It covers topics for all levels of security from entry to executive with sessions delivered by world class presenters. The event takes place on April 20 & 21,
AusCERT 2016
AusCERT is hosting AusCERT2016, the 15th annual AusCERT Information Security Conference from 23rd-27th May 2016. As society increasingly moves towards ubiquitous computing and the Internet of Things, the innovations and benefits for society, health and well-being are profound and exciting.
InfoSec Maestros Awards 2016
Checkmarx is proud to participate in the InfoSec Maestros Conference & Awards, April 15th through 17th in Hyderabad, India! Where to find Checkmarx: Booth #5, April 15 – 17 – Meet the Checkmarx team to hear how to better secure …
IT Week Japan 2016
Japan IT Week is truly Japan’s largest trade show, where you can find all kinds of the latest IT technologies/solutions. A great number of information systems managers, management executives, sales managers, system integrators and managers from IT system divisions will visit
Security World 2016
Being held in Vietnam for ten consecutive years since 2007, Security World has gained its recognition as a prestigious unique national forum that discusses ongoing IT security projects implemented in both Enterprise & Government Sectors.
It-sa Germany 2016
it-sa is the only IT security exhibition in the German-speaking region and one of the most important worldwide events. Whether cloud computing, IT forensics, data security or hosting, the exhibition is a unique platform for IT security officers, developers and providers
(ISC)² CyberSecureGov
With a unique perspective on what is at stake, cybersecurity professionals are being called on as agents of change to influence and empower the government’s progress at all levels and in new ways. Join us for the 4th Annual (ISC)²
Risk Conference 2016
RiSK 2016, a conference bringing together CIOs, CTOs, CSOs from banks, retailers, telcos, government, system integrators, IT consultants and the world’s top Internet security people. Internationally renowned and acclaimed speakers. First class training. Preview innovative security tools and the chance
BSides Austin 2016
BSides Austin is a volunteer-run information security unconference. Our programming focuses on high-quality content, and our smaller, more intimate networking atmosphere fosters strong audience participation and overall group interaction. If you are at the event, be sure to join our
Central Ohio InfoSec Summit 2016
2016 marks the 9th year for the Central Ohio InfoSec Summit! had nearly 600 in attendance last year, and anticipating another great event in 2016 with informative and intriguing keynotes and breakout sessions! If you are at the event, be
OWASP SnowFroc 2016
The Colorado OWASP chapters are proud to present SnowFROC 2016. Join 200 other developers, business owners, and security professionals for a day of presentations, training, and bonding. The conference will occur on Thursday, February 18th at the SecureSet Headquarters Building
BSidesSLC 2016
BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation. The event will open on March 10 and end on March 11.
Taiwan InfoSec Conference 2016
In 2015, iThome held the first “Information Security Conference in Taiwan”, Taiwan’s largest information security event so far. The two-day event gathered information security experts from Europe, America and Japan, and a collection of more than 40 Chinese and
Black Hat USA 2016
Black Hat – built by and for the global InfoSec community – returns to Las Vegas for its 19th year. This six day event begins with four days of intense trainings for security practitioners of all levels followed by the
RSA Conference Asia Pacific & Japan
RSA Conference Asia Pacific & Japan is the leading information security event in the region. Join us for three days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and
AISA National Conference 2016
The event will open on 18 October until 20 October.
Black Hat Europe 2016
The event will open on November 1 and will end on November 4.
FS-ISAC Annual Summit 2016
The year’s theme is “Strength in Sharing: Expanding the Trust.” Join your fellow financial industry professionals at the event in Miami Beach. The event will open on May 1 and will end on May 4.
CIAB Febraban 2016
CIAB FEBRABAN is the meeting point for being in the know about the most important issues involving technology and innovation, as well as being a unique opportunity for expanding networking and partnerships. We hope to see you at the 26th
5th NG Security Summit Europe 2016
Taking place from 11th to 13th of April 2016, the NG Security Summit Europe will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to
ISF Annual Congress 2016
Join over 1,000 global senior executives at a series of keynote presentations, workshops and networking sessions where you can share knowledge, best practice and thought leadership in a confidential peer-group environment. The event will open on October 22 and ends
2016 SANS Application Security Survey
Applications and software components, particularly web and mobile apps, have proven difficult to manage and secure. This new survey, publishing in May 2016, attempts to draw out how organizations are improving their application security practices and what they still need
Nullcon Conference 2016
We are excited to sponsor the Nullcon Conference 2016, a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, and a Job Fair at the conference. It is an integrated and structured platform
OWASP AppSec Europe 2016
We are excited to return as a sponsor for the OWASP AppSec Europe Conference in Rome! We hope to see you at the Rome Marriott Park Hotel at Booth #G30, where we’ll be offering demos of CxSAST and talking about how to improve
InfoSec World 2016 Conference & Expo
We are excited to sponsor the InfoSec World 2016 Conference & Expo. InfoSec World 2016 will present over 100 industry experts who will share hands-on, practical advice on a range of security topics. See you on April 4-6, 2016, in Lake Buena Vista.
Black Hat Asia 2016
Black Hat is returning to Asia again in 2016 for a total of four days, and so is Checkmarx! The event includes two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures
InfoSecurity Belgium 2016
We are excited to sponsor the InfoSecurity 2016 Belgium Conference. Come visit our booth on March 23-24, 2016, in Brussels!
Zion Security Conference 2016
Glad to be part of the annual Zion Security event once again: great talks and networking.
CyberTech Israel 2016
We are excited to sponsor The CyberTech Conference and Exhibition to be held in Tel Aviv on January 26-27, 2016.
FIC 2016
We are excited to sponsor the 8th edition of the FIC, the conference dedicated to data security and privacy. See you on January 25 and 26, 2016 in Lille!
BSides Nigeria 2016
Hurray! Security BSides is coming to Nigeria and Checkmarx will be opening the event with a Keynote Speaking Slot by Mosher Lerner, SVP Product Strategy on The State of Application Security. Lagos will be hosting the first BSides cyber-security conference
50 enterprise startups to bet your career on in 2016
The 2015 Holiday Season is upon us and the year is drawing to a close. Soon our thoughts will drift to our hopes and goals for 2016. For those who are dreaming of a new job at an up-and-coming young
Checkmarx + Dynatech: Security in the Agile Environment
WHEN AGILE DEVELOPMENT and APPLICATION SECURITY COLLIDE: Agile development provides opportunities to assess the direction throughout the development life cycle. Rather than looking at a single planned result, agile allows teams to assess their results every short period of time,
RSA Conference USA 2016
RSA USA now open for registration. Don’t miss this opportunity to join thousands of industry professionals at the premier information security event of 2016! Register today and take advantage of the biggest discount on a Full Conference Pass! Come visit us
Konferencja Advanced Threat Summit 2015
Come visit us at the Advanced Threat Summit in Poland on 17-18 November at the Warszawa!
OWASP App Sec California
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information
Checkmarx + Adcare: Security in the Agile Environment
WHEN AGILE DEVELOPMENT and APPLICATION SECURITY COLLIDE: Agile development provides opportunities to assess the direction throughout the development life cycle. Rather than looking at a single planned result, agile allows teams to assess their results every short period of time,
SC Congress Chicago 2015
On November 17th, 2015, SC Congress will host one of the most talked about cybersecurity events in Chicago’s West Loop, one of the most talked about neighborhoods in the country. Given its famous past and present commercial residents, including Harpo
SC Congress Boston 2015
Fall is one of the perfect seasons to be in New England: changing foliage, apple picking, football…and now SC Congress Boston 2015!
CELAES 2015
The Latin American Federation of Banks and the Panamá Banking Association are therefore pleased to invite you to attend the XXX CELAES that will take place in Panama City on October 15 – 16, 2015, repeating previous successes in terms
DefCamp6
DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private
TEN ISE NA
The ISE® North America Leadership Summit and Awards will be held November 10-11, 2015 at the Westin Michigan Avenue in Chicago, IL. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data
LIFARS Whiskey Tasting
It’s hard to turn down a high-quality whiskey, right? Couple that with a good company and it’s an offer you can’t refuse. Join us for an evening like no other and share your cybersecurity horror story with your peers. Not
The 16th Annual UNC Charlotte Cyber Security Symposium
We’re excited to sponsor the 16th Annual UNC Charlotte Cyber Security Symposium once again! Come visit us on October 14th at the Cone University Center.
IT Security One2One Summit
The IT Security One2One Summit’s great concept engages top level security decision makers for 2 days of one on ones and boardroom sessions. The event will take place at the Barton Creek Resort on October 4th.
Regional Sales Manager – USA (206)
Checkmarx is seeking a talented Software Regional Sales Manager to support our Sales and Business Development activities worldwide! As a Software Sales Representative for one of the most innovative and forward-thinking development security solution providers, you will fill a critical role at
AppSec USA 2015
Two days of training followed by two days of world-class speakers. OWASP Application Security Conference is the premier application security conference for developers, security experts and technologists to discuss approaches to secure web applications. Be sure to come by booth #17 and join our talk, “Game of Hacks:
FS-ISAC Fall 2015
Come visit us at FS ISAC! Join our talk on how to comply with PCI DSS when doing Static Application Security Testing.
EC-Council India 2015
With the theme of “Agile Security in a Dynamic Threat Landscape” EC-Council’s first executive event located outside of the US is shaping up to be the must-attend conference of the year in India. Although there are many executive conferences in India, the August 1, 2015 EC-Council Global
LASCON 2015
LASCON is just around the corner! Come visit our booth at this great event by OWASP and join our talk on Node.JS vulnerabilities.
Infosecurity Netherlands
Come visit us at InfoSecurity Netherlands: the place to find the latest products, most recent updates and solutions for your problems within the field of IT Security & Data Storage and great talks.
Nordic Information Security Forum 2015
We’re excited to be part of the best security conference in Sweden, Stockholm. For the last 7 years Nordic IT Security has brought together business, government and technology in a Scandinavian-focused business platform. Meet cross vertical IT Security thought leaders from Sweden, Denmark, Finland,
Derbycon 2015
Welcome to DerbyCon 5.0 – “Unity”. This is the place where security professionals, hobbyists, and anyone interested in security come to hang out. You’re invited to visit our team at Booth K throughout the event!
It-sa Brasil 2015
It-sa Brasil is a unique content and business platform that allows executive decision makers from the most varied of sectors to discuss the subject Information Security with exclusive panels composed of specialists. Therefore, it is a space dedicated to connect
Cyber Security Summit Boston 2015
The 2015 Boston Cyber Security Summit is an exclusive C-Suite conference series that connects senior level executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts…
2015 AISA National Conference
Now in its 8th year, the AISA National Conference is the single largest member event for the Information Security profession.
Senior Technical Account Manager- UK (205)
Checkmarx is searching for a talented Senior Technical Account Manager to lead the activity with our strategic accounts and prospects in Europe. The Senior Technical Account Manager will work as part of the Professional Services team. The Professional Services team is
Field Sales Engineer – UK (141)
Checkmarx is seeking a talented Field Sales Engineer to support its Sales and Business Development activities in the EMEA region. In this position, the primary responsibility would be to drive and manage the technological evaluation stage of a sales process. Any
Account Manager- France (204)
Job Description: We seek a Senior Account Manager who will develop and manage key strategic customers for Checkmarx in France. The candidate will be overseeing sales through the channels or direct sales. The main target is to grow Checkmarx market
Regional Sales Manager – UK (203)
Job Description: We seek a Senior Regional Sales Manager who will develop and manage key strategic channels and direct customers for Checkmarx in the UK. The candidate will be overseeing sales through the channels or direct sales. The main target is to
Regional Sales Manager- Germany (202)
Job Description: We seek a Senior Regional Sales Manager who will develop and manage key strategic channels and direct customers for Checkmarx in Germany. The candidate will be overseeing sales through the channels or direct sales. The main target is
DevOps Engineer (165)
Checkmarx DevOps Engineer is responsible for working with the software engineering Department in their efforts to achieve rapid innovation and technical change. Key Responsibilities: Responsible for all technology systems and frameworks within the development process. Lead system integration between R&D
Salesforce Engineer (194)
Checkmarx is looking for an experienced Salesforcer to join its Operations team, as Sr. Business Operations Engineer. In this role, you will be responsible for delivering best-in-class CRM implementation to the internal teams at Checkmarx, including designing, hands-on implementing and
Field Sales Engineer- Germany (201)
Checkmarx is seeking a talented Field Sales Engineer to support its Sales and Business Development activities in Germany. In this position, the primary responsibility would be to drive and manage the technological evaluation stage of a sales process. Any task would
Professional Services Engineer (185)
Checkmarx is searching for a talented Professional Services Engineer to support our Sales and Business Development activities worldwide. The Professional Services team is responsible for delivering services to Checkmarx clients. Including planning and leading the implementation of Checkmarx solution at client’s
Senior QA Engineer (200)
Checkmarx is looking for a senior QA Engineer to join our fast-growing company. Responsibilities: Working in close cooperation with Product Management, as well as Developers and other QA functions such as automation and performance. Understanding the business and technical requirements
Senior Java Developer (199)
Checkmarx is looking for a senior Java developer to join the intimate, currently forming team of Cx new product. The candidate will lead the design and implementation of a high-end, real-time computing server, with impact and visibility on many of the
Jenkins User Conference Israel
Jenkins User Conference hits Israel for the fourth year in a row! Join our session: Introducing Automated Security Testing To Your Jenkins Server.
It-sa
It-sa is one of the best IT security exhibitions in the German-speaking region and one of the most important worldwide events. Whether cloud computing, IT forensics, data security or hosting, the exhibition is a unique platform for IT security officers, developers and
ISF World Congress
ISF Annual World Congress is ISF’s flagship global event that offers attendees an opportunity to discuss and find solutions to current security challenges, and gain practical advice from peers and leading industry experts from around the world. Be sure to
RSA Abu Dhabi
We’re excited to be part of RSA Abu Dhabi! Come visit our booth and learn more about Application Security.
Black Hat Europe
Black Hat Europe is coming up! Come visit our booth 202 to learn more about Application Security and take a shirt from our new collection!
RSA APAC
Come visit us at RSA Asia Pacific on July 22nd - July 24th, booth E21.
Les Assises
For the 3rd year in a row, we’re excited to be part of the best security conference in France. Les Assises gathers C-level security decision makers in the local industry to 3 days of sessions, expo and amazing networking. For
Things your browser never told you
In this webcast, Angelo Prado, Senior Product Security Manager at Salesforce.com will showcase the latest trends on browser specific weaknesses and side channels. There will be practical demonstrations highlighting new HTML5 features that can be leveraged to carry out stealthy attacks.
Black Hat USA
Black Hat USA is just around the corner! We’re inviting you to visit our booth – #259 and join our talk: The Node.js Highway: Attacks are at Full Throttle on August 5th, 17:30-18:00, Jasmine Ballroom, Mandalay Bay Las Vegas.
DEFCON 23
DEFCON 23 is the 23rd edition of the world’s largest hacker convention. Join our interactive talk at the 101 DEFCON track on Game of Hacks: Game of Hacks, built using the node.js framework, displays a range of vulnerable code snippets challenging the
Japan IT Week
Japan IT Week, Information Security Expo & Conference in Tokyo is coming up and we’re inviting you to visit Intelligent Wave’s booth and check out Checkmarx’s solutions! Dates: May 13th – 15th, 2015 – 10:00 – 18:00 (Last day until 17:00)
How to Achieve PCI DSS Compliance with Checkmarx Source Code Analysis
The Payment Card Industry Data Security Standard (PCI DSS) is a self-regulated industry standard set by credit card merchants such as MasterCard and Visa for securing credit card information. Companies that suffer from a breach and are found to have failed compliance
SANS Webinar: Node.js Security Risks
Five years after its debut, it seems that node.js has become the most popular cross platform runtime environment for server side applications written in JavaScript. There is no argument about the power of node.js; however, as with any coding language
ISSA National Summit
The 7th ISSA Annual Information Security Summit is just around the corner. Join companies and industry peers for this Premier event in Los Angeles offering educational sessions presented by world class presenters. We’ll be there!
AppSec Europe
AppSec Europe is coming up! Come visit us at booth S2 and join Maty Siman’s talk: The Node.js Highway: Attacks are at Full Throttle on May 21st, at 11:55. Location: The Rai Convention Center, Amsterdam, The Netherlands
Secure World Expo
Secure World Houston is coming up! Join our panel of “Emerging Threats” to hear our thoughts on Application Security and visit our booth at the expo to join the raffle or to see a product demo, or both! Norris Conference
InfoSecurity Europe
Come visit us at the number one Information Security Conference in Europe on June 2-4, 2015 at the Olympia in London, BOOTH B45! We are also inviting you to join our talk: The Node.js Highway: Attacks are at Full Throttle,
AusCERT
AusCERT is hosting AusCERT2015, the 14th annual AusCERT Information Security Conference from 1st-5th June 2015 at the RACV Royal Pines Resort on Queensland’s Gold Coast, Australia. This year’s conference theme explores how we need to smarten up to manage information
Secure World Webinar
Selecting Your Application Security Solutions – Pros & Cons. Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware to a particular audience (AKA
Senior Pre/Post Sales Engineers (183)
We are looking for talented pre/post-sales engineers to support our Sales and Business Development activities worldwide. Job requirements: Excellent presentation skills in front of customers, business partners and large audiences (English and Hebrew); experience working with customers abroad; at least
RSA USA
We are exhibiting at the biggest Security show in the world! Come visit us at booth 1739, Southern hall at the Moscone Center in San Francisco! Join our talk by Maty Siman, Founder & CTO at Checkmarx- “Game of Hacks:
Black Hat Asia
Black Hat is returning to Asia again in 2015. Black Hat brings together the brightest professionals and researchers in the Security industry for a total of four days–two days of deeply technical hands-on Trainings, followed by two days of the
Cybertech Israel
Cybertech Conference and Exhibition is the largest exhibition and conference of cyber technologies in Israel, gathering over 4000 Information Security Experts worldwide. Cybertech will present commercial problem solving strategies and solutions for cyber infrastructure experts across multiple sectors; energy, utilities, finance, defense, R&D,
InfoSec World
The MISTI team is excited to bring you a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. We look forward to seeing you at InfoSec World at Disney, booth 323!
CDM Media CISO Summit
The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks,
FS-ISAC
FS-ISAC is one of the most luxurious financial security events on the globe. We’re glad to be there, at the Annual Summit, so come visit our funky Cabana at the beach to talk about AppSec.
Application Team Leader (149)
Job Requirements: A university B.Sc. in computer science/engineering; at least 2-3 years as a Team Leader; at least 5 years of software applications development; at least 2-3 years of software development experience in C# (Winform clients and / or Server
Virtual Forge and Checkmarx seal unique partnership for Static Application Security Testing
The new partnership between Virtual Forge and Checkmarx offers companies a powerful platform for testing and ensuring the application security of business applications, including those that are developed in SAP ABAP. Many data breaches still take place through
Rapid7
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and
OWASP LATAM Tour
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Come visit us in Santiago – Chile, Buenos Aires-
Secure World Boston
Come visit us at Secure World Boston and enjoy a big forum of InfoSec experts and vendors. Hope to see you at our booth #411!
The AppSec How To: Application Security in Continuous Integration
Agile development provides opportunities to assess the direction throughout the development life cycle. Using regular cadences of work, known as Sprints or iterations, at the end of which teams must present a potentially shippable product increment achieves the ability to
Can you please describe your product architecture?
Checkmarx is installed on a central server with web clients and thin IDE plugins connecting via http or https.
Do I have to rescan my entire code base every time?
No. The incremental scan option will automatically scan only the updated files and their dependencies.
The AppSec How-To: JavaScript Security Implications
JavaScript controls our lives – we use it to zoom in and out on a map, automatically schedule doctor appointments and play games online. But have we ever properly considered the security state of the scripting language? Before dismissing JavaScript security
Securing Business Applications in Real-Time
As demand to access company information on the move and from mobile devices increases it places extra strain on security resources. Existing web applications firewalls (WAFs) monitor traffic but don’t have an understanding of the logic of data flows and
What types of reports can Checkmarx provide?
Project progress reports and configurable dashboards in PDF, RTF, CSV or XML.
Do you support scanning of mobile applications?
Yes, Checkmarx fully supports scanning of Android, iOS and Windows mobile applications.
How do you do your magic?
Checkmarx parses raw source code (no need to compile), stores it in a DB and queries it with hundreds of rules to find vulnerabilities. Rules can be easily modified and added.
Does Checkmarx provide a product or a service?
Checkmarx’s product is available either On-premise, on a private cloud or on our secure CxCloud service.
Can I use Checkmarx to understand how changes in the code resulted in vulnerabilities?
Yes, Checkmarx provides a side by side comparison of scans and points out the differences.
Can I integrate with a build management system?
Yes. We currently have plugins for Jenkins, Bamboo, TeamCity, TFS, Anthill Pro and others.
How often do you release product updates?
A new version is released every year. A service pack is released every quarter. Hotfixes are released as needed.
The unsung achiever: Pakistani tops lists of ethical hackers of 2014
The world’s leading information security publications have featured Pakistani security researcher, Rafay Baloch, as one of the top ethical hackers in 2014, putting the 21-year-old Karachiite on top of their lists, The Express Tribune learnt on Thursday. “Ethical hacking, which makes the
Digital.ai
Digital.ai is an industry-leading technology company dedicated to helping Global 5000 enterprises achieve digital transformation goals. Using value stream management as its cornerstone, Digital.ai combines innovative technologies in agile planning, application protection, software delivery, and artificial intelligence into a unified
GitLab
GitLab is a DevOps platform built from the ground up as a single application for all stages of the DevOps lifecycle enabling Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides a single
GitHub
GitHub is the developer company. As the home to more than 50 million developers from across the globe, GitHub is where developers can create, share, and ship the best code possible. GitHub makes it easier to work together, solve challenging
Cloudbees
CloudBees, the enterprise software delivery company, provides the industry’s leading DevOps technology platform. CloudBees enables developers to do what they do best: Build stuff that matters, while providing peace of mind to management with powerful risk mitigation, compliance and governance
CxSAST for Amazon Web Services
CxSAST hosted on an AWS environment, allows organizations to seamlessly connect to their development lifecycle with all the benefits of being hosted in the cloud. By leveraging CxSAST for AWS, organizations are able to perform Static Application Security Testing in …
Checkmarx Ranked #1 for “Static Analysis Product” in Gartner’s 2014 Critical Capabilities for Application Security Testing Report
TEL AVIV, Israel, Dec 30, 2014 (BUSINESS WIRE) — Checkmarx, web and mobile Application Security Testing (AST) solutions provider, was positioned as a Leader in The Forrester Wave™: Application Security, Q4 2014. Forrester Research, Inc. invited 12 AST solution providers
The Business Value of Partial Code Scanning
It’s kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we tend to want to wait until everything’s perfect (and way more costly) before we get
8 Cybersecurity Resolutions to Make for 2015
It seems that 2014 was the year of data breaches in the business world. Target, Home Depot, AT&T, JP Morgan, eBay, P.F. Chang’s and other high-profile brands all fell victim to cybercriminals, compromising both the companies’ reputations and their customers’
5 Ways Outsourcing App Development Security Will Help You Cut Costs
IT managers today are faced with many tasks and not enough time to complete them all. While these individuals are primarily tasked with ensuring that their top developers efficiently write code lines, they are also often regarded as the responsible
Citizen Developers Will Ruin Software, Discuss
Our use of term ‘citizen’ has evolved. It has transmogrified from its original context pertaining to: any native or naturalized member of a state or nation who owes allegiance to its government. Today then, citizen means: a consumer-level or non-specialist
Web Security Tools that Take the Pressure Off Web Designers
Designers can take an idea and turn it into a masterpiece of user interactivity, and because of their competence in all things aesthetic and interface, they’re often asked to undergo tasks that, honestly, should not fall on their shoulders. Yet,
Checkmarx Named Fastest Growing Security Company in Israel
Checkmarx, a leading developer of static code analysis solutions which identify software security vulnerabilities, has been ranked the #1 fastest growing security company in the Israel Deloitte Technology Fast 50 for 2014 – one of Israel’s foremost technology awards. Checkmarx’s
Former HP Executive Joins Checkmarx
Ron Kormanek, former Hewlett Packard executive, to serve as VP Sales, North America for Checkmarx – a Leading Application Security Solution Provider. Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP
How To Future-Proof Security For Your Next App Development Project
IT managers must be exhausted. After all, they are well aware of the difficulty in hiring and managing employees to create secure applications, while also focusing on feature design, implementation and testing. These are mammoth tasks that can easily drive
Application Security Taking Center Stage for Retailers
The interconnectedness and rapid development of mobile technology are revolutionizing the consumer market. Retailers have fully computerized mechanisms driven by complex applications to bring their products to the mobile market, which has introduced serious security flaws into the ecosystem that
The AppSec How-To: Guide to Getting Your Developers to Beg for Security
Security is fascinating. It touches each and every one of us – whether we’re making an online credit card purchase, transferring funds or entrusting a service with our intimate emails. Security continues to intrigue with revelations of sophisticated attacks, sometimes analogizing
Checkmarx And Integral Agree on Making New Zealand More Secure
Integral, a highly respected New Zealand software developer is today announcing a resell agreement with Checkmarx, a global leader in Application Security Testing solutions. “We are excited to announce the launch of this agreement between Integral and Checkmarx. The agreement
Checkmarx Named a Challenger in Gartner 2014 Magic Quadrant for Application Security Testing
Checkmarx positioned furthest for completeness of vision in the Challengers Quadrant. Checkmarx, a leader in web and mobile application security solutions, has been positioned the furthest for completeness of vision in the Challenger’s quadrant of Gartner’s 2014 Magic Quadrant for
Checkmarx Selected as Winner of 2014 Red Herring Top 100 Europe Award
Prestigious Award Given to Europe’s Most Promising Private Technology Ventures. (April 14, 2014. Tel Aviv, Israel) – Checkmarx, a leading provider of code analysis tools that identify security vulnerabilities in web and mobile applications, is delighted to be awarded a
Checkmarx Named One of Top 20 Most Promising Enterprise Security Companies By CIOReview
Amidst the sudden surge of security threats and emergence of innovative security approaches, enterprise security firms that are able to function as a catalyst in connecting the industry with the cutting-edge security solutions will dominate the market. Since an organization’s
The 5 Key Benefits of Source Code Analysis
Static Code Analysis (SCA) is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. Two categories exist in this realm: Byte/Binary Code Analysis (BCA) which analyzes the binary/byte code that is created by the compiler. Source
The AppSec How-to: Achieving Security in DevOps
DevOps is good all around when done right – and security plays a big part in helping DevOps organizations thrive. How do you integrate security within a Continuous Deployment (CD) environment where every 5 minutes a feature, an enhancement, or a
The AppSec How-to: Visualizing and Effectively Remediating Your Vulnerabilities
The biggest challenge with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous findings. Developers are quickly overwhelmed while trying to analyze security reports containing results that are presented independently from one another. Take for example, WebGoat – OWASP’s
Checkmarx and Specialist IT Consultancy Firm Ballintrae Team Up To Reduce Software Risks
The companies will jointly work on Application Security. (CBR) –November 14, 2013 – IT consultants Ballintrae and Checkmarx, an application security testing, have joined forces to reduce software risk. With risk high on the boardroom agenda, it is hoped that the partnership will
Security Innovation TeamMentor now Integrates with Checkmarx’s CxSuite
Provides faster and better remediation guidance within the developers’ environment Security Innovation, an authority in application security assessment and training, and Checkmarx, a leader in Application Security Testing, announce the seamless integration of TeamMentor with Checkmarx’s CxSuite Static Application Security
The AppSec How-to: 10 Steps to Secure Agile Development
In Agile’s fast-paced environment and frequent releases, security reviews and testing sound like an impediment to success. How can you keep up with Agile demands of continuous integration and continuous deployment without abandoning security best practices? Companies have found the following ten
CloudSpokes & Checkmarx Team Up to Secure Thurgood Software Development Tool
CloudSpokes, the leader in crowdsourced cloud development, today announced the availability of Thurgood, a new cloud-based tool to automatically analyze the build, quality and security of code. As more organizations turn to crowdsourced and outsourced developer talent, CloudSpokes’ Thurgood gives developers and
The Security State of WordPress’ Top 50 Plugins
In June 2013, Checkmarx’s research labs ran multiple security scans against the source code of the most popular WordPress plugins. The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as
Checkmarx Announces Partnership with Deutsche Telekom to Offer a Software Security Solution
The leader in Application Security Testing solutions, Checkmarx Ltd. is today announcing a partnership with Developer Garden, the Deutsche Telekom AG (DAX; DTE) ecosystem for developers. “We are proud to announce the launch of this important and strategic partnership between
Checkmarx & Eclipse Team Up to Promote Secure Coding
Press Release: Checkmarx – Wed, Feb 20, 2013 7:00 AM EST TEL-AVIV, Israel, February 20, 2013 /PRNewswire/ – Checkmarx is delighted to announce a new strategic partnership with the Eclipse Foundation. Recognized as a pioneer and leader in the Open Source software
CloudShare Announces a Record Fiscal 2012
Increasing Demand for Development and Testing Services Fueled Record Revenues and New Customer Growth SAN MATEO, CA–(Marketwire – Feb 7, 2013) – CloudShare, the leader in cloud services for pre-production, announced today a record fiscal 2012, achieving 3X growth in
Cenzic Forms Strategic Alliance with Checkmarx
Cenzic Inc., the leading provider of web application security intelligence to reduce security risks, announced today a strategic alliance with Checkmarx Ltd., the leading provider of Static Application Security Testing (SAST) solutions. As part of the alliance, Cenzic will offer the …
OWASP Top 10 Vulnerabilities
The Open Web Application Security Project (OWASP) is an open-source application security community whose goal is to spread awareness surrounding the security of applications, best known for releasing the industry standard OWASP Top 10. The OWASP community is powered by security-knowledgeable volunteers …
Static Application Security Testing (SAST) Tool Implementation
We have just published a new article on our website that discusses the process of achieving a successful SAST (Static Application Security Testing) tool implementation. It covers the various questions and concerns Checkmarx customers face when running evaluations of the available …
Checkmarx Closes New Funding Round With Salesforce
October 11, 2011: Tel Aviv, Israel — Checkmarx Ltd., the leading provider of static application security testing (SAST) solutions, today announced it has completed a new round of funding led by original investor Ofer Hi-Tech (https://www.oferhitech.com) and joined by salesforce.com
Checkmarx Named “Cool Vendor” by Gartner
Checkmarx, the leading provider of static application security testing (SAST) solutions, has been included by Dr. Joseph Feiman as one of five “Cool Vendors” in the April 2010 “Cool Vendors in Application Security, 2010” report by Gartner, Inc. on 14 April …
Checkmarx Launches Security Scan on Demand
Checkmarx, the leading provider of code analysis for security, today announced the general availability of a cloud-based security code review service. …
Decompilation Injection
This paper presents a novel way to protect .NET assemblies against reverse-engineering and decompilation by injecting them with commands that are activated only at the recompilation stage; the application retroactively detects the reverse-engineering process and acts upon it. This technique
ReDoS – Regular Expression Denial of Service
The regular expression denial of service (ReDoS) is a denial-of-service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then