Why Software Security and DevOps Were the Talk of the Town at Black Hat and DEF CON 2019

In the wake of Black Hat 2019 and DEF CON 27, there is no doubt that the cybersecurity industry is growing beyond anyone’s expectations. The sponsors and attendees who descended upon Las Vegas last week from all parts of the world numbered in the tens of thousands, and that number continues to grow year after year. The Checkmarx team had a whirlwind of a week and enjoyed meeting with a wide variety of security and IT professionals who are taking a closer look at how they approach developing and releasing more secure software, fast.

It’s well known that software vulnerabilities are a major causative factor in successful cyberattacks, and it’s clear this issue must be solved sooner rather than later. However, the way companies develop and depend on software has changed – and never before has it exposed them to more risk. While software security is now business critical, if it doesn’t fit within software development methodologies like DevOps, it just won’t work. At our Black Hat booth this year, we spoke with attendees about one of our core beliefs: that security must be inseparable from development.

Checkmarx booth at Black Hat USA

There was tremendous interest in Checkmarx’s approach to static, interactive and open source application security solutions, along with secure coding education for developers. And, with the Verizon 2019 Data Breach Investigation Report finding that 70% of breach incidents were caused by attackers targeting vulnerable web applications containing software defects, it’s no surprise this was the case. Most conversations in the Checkmarx booth were centered specifically on how to embed security into DevOps, a hot topic and one we love to talk about. We explained that with software now ingrained everywhere and attack surfaces expanding, organizations must prioritize unifying software security and DevOps to reduce software exposure and potential vulnerabilities. Nicole Ferguson of Google Cloud shared a similar sentiment, providing a fantastic presentation on the inevitable marriage of DevOps and security, where she highlighted the overlap between DevOps’ priorities and modern infosec’s goals. So what else was the Checkmarx team up to during Black Hat and DEF CON? Well, quite a bit.

We released new research disclosing vulnerabilities in LeapFrog’s LeapPad Ultimate…

The Checkmarx Security Research Team published its latest findings last Wednesday, discovering how cyber-attackers could hack into LeapFrog’s LeapPad Ultimate tablets. You can read more here in case you missed it, but to summarize, the LeapPad Ultimate became yet another product added to an ever-growing list of vulnerable Internet-connected devices. The Checkmarx team identified a Man-in-the-Middle vulnerability, allowing adversaries to tap into a LeapPad Ultimate’s communications to reveal an abundance of PII – ranging from children’s locations to parents’ credit card details. Thankfully, LeapFrog addressed the vulnerabilities quickly and thoroughly, but this is still a good reminder that no device is safe, regardless of whether or not it’s easily connected to the Internet.

We became cybersecurity’s next ‘Black Unicorn’…

On the company news front, we were thrilled to be named a Black Unicorn Award winner from Cyber Defense Magazine, recognizing our amazing growth trajectory in software security and potential to be a major force in the overall cybersecurity landscape. The award judges predict that Checkmarx is well-positioned to surpass a $1 billion or greater market value. The Black Unicorn award is a noteworthy recognition and a testament to our entire team’s accomplishments here at Checkmarx.

Checkmarx CEO, Emmanuel Benzaquen, holding the Black Unicorn award

We raced a few cars at our Xcelerate 2019 event…

Amidst all the news, we found time to kick back, relax, and even hop in some sports cars at the Checkmarx Xcelerate customer appreciation event. Taking place at SPEEDVEGAS, attendees did laps around the race track in their dream cars, enjoyed stellar food from Chef Stephen Hopcraft, and heard from our CTO, Maty Siman, during his presentation, “Rise of the Machines, Artificial Intelligence and Security.” Maty gave a comprehensive overview of the pros and cons of AI in the security space and discussed how genetic algorithmic probabilities can be used to increase attackers’ chances of success. Finally, Maty discussed how AI can learn patterns to detect repetitive vulnerabilities in code structures and how organizations can use the same techniques as well.

Porsche at Xcelerate 2019

And, last but certainly not least, we sponsored the first-ever DEF CON AppSec Village…

When Black Hat was winding down, DEF CON 27 was ramping up. Checkmarx was a Gold Sponsor of DEF CON’s inaugural AppSec Village. Founded by our own Erez Yalon, Director of Checkmarx’s Security Research Team, along with major contributions from many volunteers in the AppSec community, the AppSec Village was a phenomenal success. More than 4000 people came by to participate in the AppSec Village’s keynotes, presentations, workshops, capture-the-flag contests, and networking. We’re already looking forward to next year.

Scenes from inaugural DEF CON AppSec Village

Overall, it’s safe to say it was a great week. Thank you to our customers, partners, colleagues, and peers for another fantastic Black Hat and DEF CON, and see you all next year!
