Checkmarx Tells Us Why App Developers Should Care About App Security

We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-scene.

 

Benzaquen: Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. For enterprise companies who want to minimize application security risks, Checkmarx provides products and services to detect and eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST provides faster feedback loops and higher accuracy resulting in wider developer adoption.

 

For DevOps and AppSec professionals who want to embed security as part of the continuous integration flow, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST seamlessly fits into the continuous integration tool chain, without imposing delays. For AppSec professionals who want developers to take ownership of application security, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST can be easily adapted to the application code, resulting in higher accuracy and wider developer adoption.

 

 

Benzaquen: Checkmarx bridges the gap between developers and application security specialists through its unique suite of products and solutions identifying, educating, and assisting in fixing security vulnerabilities throughout the software development lifecycle. While growing, we continue to empower the 20M developer’s community worldwide with everything they need to deliver secure applications. Over the next 5 years, security testing is becoming as important as functional testing to organization and Checkmarx is present to help developers and organizations minimize their risk of being breached.

 

 

Benzaquen: Developer application security skills is one of the major pain points for organizations when it comes to application security. Education is a need that many are trying to address however traditional methods just aren’t cutting it. There are a few rules of thumb required to ensure a successful training process: 

1. The education has to address the specific need as soon as it appears. This is also known as in-context training. 

2. It has to be engaging and preferably interactive. Short bite sized training courses achieve a much higher rate of success compared to long frontal presentations delivered to a large audience. Ensure the developers have a hands on experience as part of the training session. 

3. Education is not a onetime thing. Developers move around very often and team members change quite frequently. A good education plan is available all the time and ensures that any new comer receives the same level of education as his peers. 

4. Don’t break the developers flow of work. Shifting from one platform to another is time consuming and confusing. If you are addressing a problem via a specific platform, teaching the developer how to address the problem should be part of that same platform. 

 

 

Benzaquen: DevOps are based on speed of delivery. Security measures and specifically application security is often perceived as time consuming. Traditional application security solutions were not designed with continuous integration processes in mind. Therefore, it is natural for DevOps team to “fear” security procedures as they feel it may impact their release schedules and delay the process. Checkmarx is designed to address DevOps and AppSec Professionals who want to embed security as part of the continuous integration flow, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST seamlessly fits into the continuous integration tool chain, without imposing delays.

 

 

Benzaquen: Since Checkmarx’s founding in 2006, our commitment is to enable organizations to detect and remediate security vulnerabilities within their software application. TOYO's renowned services and measurement technology ties perfectly into our application security solutions, further extending our capabilities across the Software Development Lifecycle (SDLC). Together, our combined strength and experience will enable our customers to better measure the security posture of their application code. We’re absolutely thrilled for this new partnership with TOYO, and together we will support businesses and developers building and deploying secure software.

 

 

Benzaquen: Developers are key in the application’s security posture. The code developers deliver is probably the main strategic advantage an organization has over the hackers because it is not easily accessible to the attacker. Therefore, delivering secure code is a critical step in securing both the company and the user’s data. While today, developers mainly concentrate on creating functionality and fixing bugs in the code it seems natural that developers would also address vulnerabilities considering the only difference between them and a functionality bug is the potential impact on the business, which in many cases may be much more devastating.

 

 

Benzaquen: In a connected world, cyber-attacks are constantly increasing and organization are continuously on the hunt to improve their delivery’s security posture. With the understanding that implementing security has to start at the core of the software delivery namely the code, secure coding skills is becoming a requirement for organizations globally. Developer’s with security knowledge are an asset that organizations are looking for and these are still quite rare to find.