Application Security

7/24/2017
12:00 AM
Dark Reading
Products and Releases

Checkmarx Acquires Codebashing to Redefine Secure Coding Education

Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster.

NEW YORK-- Checkmarx, a global leader in application security testing solutions, today announced its acquisition of Codebashing, a leading application security education company that delivers Game-like AppSec Training for Developers.

Traditional secure coding education is ineffective and cannot scale to deliver continuous, across-the-board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as it appears. Moreover, participants tend to retain only a fraction of the materials in between the traditional “annual” training cycles.

Maintaining developer AppSec knowledge is a real challenge for enterprises and a real concern for application security professionals. According to the SANS 2016 State of Application Security survey, respondents most often ranked the lack of AppSec skills, tools and methods among their top three challenges to implementing AppSec.

Pioneering the idea of shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite-sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.

Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.

“Checkmarx has been addressing the security skill challenge for over a decade and once we saw the value we can deliver to our customers by integrating Codebashing’s platform within our solution offering, we knew this would be a game changer for the industry,” said Emmanuel Benzaquen, CEO of Checkmarx.

Gyan Chawdhary, CTO & Founder of Codebashing, has been active in the AppSec community for years. During his journey, he discovered that legacy Computer-Based Training approaches simply don’t resonate with developers.

“The team at Codebashing is very excited to join Checkmarx and we are looking forward to delivering our mutual offerings to millions of developers who will leverage the natural fit between Checkmarx and Codebashing,” said Gyan.

“We knew this was going to be an exciting journey for us when requests started pouring in. Large-scale organizations like Microsoft, Fitbit and Sky, and a whole host of other household names across the tech, retail, and financial verticals, have already implemented our solution to train, refresh and validate their developers’ secure coding techniques,” said John Yeo, CEO & Co-Founder of Codebashing. Regarding the acquisition, Yeo said, “We’ve been working with Checkmarx for a while now and our existing technology integration has proven to be a very natural fit for customers. The acquisition is an obvious force-multiplier, it’s superb for Codebashing’s future growth prospects, and fantastic for our customers.”
