Publisher’s Spotlight: Checkmarx

I was thrilled to catch up with Checkmarx during Black Hat USA 2024.  Cloud development transformation has ushered in a host of expanding security challenges: the rising number of point solutions in the tech stack causes process issues and reveals new vulnerabilities. The responsibility for application security has evolved from shifting left, to shifting everywhere from code to cloud, from design through deployment and runtime.

“Checkmarx is leading the way with our continuous investment and innovation in the area of GenAI and application security,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “In order to secure enterprise data and applications, we’ve committed to improving the developer experience by bringing seamless AppSec capabilities into their workflows in a way that enables them to leverage the power of GenAI while mitigating the new risks that it can bring.”

Developers and development teams are under increasing pressure to shrink time-to-delivery while ensuring maximum security for increasingly complex applications. A recent global study of CISOs, AppSec leaders and developers conducted by Censuswide for Checkmarx revealed that 92% of companies surveyed had experienced a breach in the prior year due to vulnerabilities in applications developed in-house and that 91% of organizations had knowingly released vulnerable applications. Asked why, respondents noted that business pressures are a primary reason for the release of vulnerable applications.

From proprietary code to the increasing inclusion of open source software from unvetted sources, application security is increasingly pressured to keep up with the speed of development, a challenge for many organizations.

“Incorporating Checkmarx’ technology has revolutionized our development culture. It’s more than just technology; it serves as the foundation of our security strategy, ensuring that our applications are secure by design.” – Sudharma Thikkavarapu, Sr. Director, Product Security Engineering, Dell.

Checkmarx is a leader in AppSec innovation, focusing last year on reducing the risk of customers’ use of GenAI in development. The launch of Checkmarx One™ Version 3.0 and CheckAI, the industry’s first plugin to detect and prevent potential attacks against ChatGPT-generated code, are testament to our commitment to securing the future. These innovations have significantly bolstered our capabilities in detecting and eliminating emerging attacks, setting a new benchmark in the industry.

Checkmarx One is an enterprise-grade AppSec platform that delivers a full suite of solutions in a unified, cloud-native platform. It quickly delivers accurate, cross-tool results and augments them with remediation guidance plus just-in-time training. Checkmarx One consolidates enterprise AppSec toolsets to reduce total cost of ownership, simplify vendor management and provide teams with a single log-in and single pane of glass for all AppSec solutions. A primary benefit is the prevention of application vulnerabilities from going into cloud production runtime.

Checkmarx’ dedication to innovation also extends to proactive threat research. This year our research team made a groundbreaking discovery of the first-known open-source software supply chain attacks aimed at the banking sector, using customized malware. Our supply chain security researchers often speak at industry conferences to share findings that help.

keep the open source ecosystem safe. This threat intelligence then feeds directly into our product roadmap for continuous improvement in ability to defend against emerging threats. We actively engage with customers to assess satisfaction and gather feedback, which informs our innovation.

“We were thrilled to find Checkmarx, which helped us improve the service-level agreement (SLA) for identifying and remediating risk, reduce risk and the number of vulnerabilities, and eliminate high- and medium-risk issues.” – Ubirajara Aguiar, Jr., Tech Lead, Red Team/DevSecOps, Pismo.

In Summary

Checkmarx One is the industry’s most comprehensive AppSec portfolio of products, training, and services covering the entire software lifecycle from developer enablement and secure code training, design, coding, testing and deployment through production. Secure every element of your applications with full coverage: SAST, DAST, AI security, software composition analysis, supply chain security, API security, container security, infrastructure-as-code (IaC), and application security posture management (ASPM). Checkmarx One is the essential solution for security teams that want to accelerate their time to value and deliver secure, performant, cloud-native applications. It empowers developers and security teams alike without the complex overhead of legacy point solutions.

Request a Personalized Demo: https://checkmarx.com/request-a-demo/

Watch a Recorded Demo: https://checkmarx.com/resources/vidyard-all-players-5/ast-platform-demo/

Find them on Twitter (X): @Checkmarx #AppSec #opensourcesecurity #APIsecurity

About the Author

Gary Miliefsky is the publisher of Cyber Defense Magazine and a renowned cybersecurity expert, entrepreneur, and keynote speaker. As the founder and CEO of Cyber Defense Media Group, he has significantly influenced the cybersecurity landscape. With decades of experience, Gary is a founding member of the U.S. Department of Homeland Security, a National Information Security Group member, and an active adviser to government and private sector organizations. His insights have been featured in Forbes, CNBC, and The Wall Street Journal, as well as on CNN, Fox News, ABC, NBC, and international media outlets, making him a trusted authority on advanced cyber threats and innovative defense strategies. Gary’s dedication to cybersecurity extends to educating the public, operating a scholarship program for young women in cybersecurity, and investing in and developing cutting-edge technologies to protect against evolving cyber risks.