Application Security

7/24/2017
12:00 AM
Dark Reading
Products and Releases

Checkmarx Acquires Codebashing to Redefine Secure Coding Education

Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster.

NEW YORK-- Checkmarx, a global leader in application security testing solutions, today announced its acquisition of Codebashing, a leading application security education company that delivers Game-like AppSec Training for Developers.

Traditional secure coding education is ineffective and cannot scale to deliver continuous, across-the-board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as it appears. Moreover, participants tend to retain only a fraction of the materials in between the traditional “annual” training cycles.

Maintaining Developer AppSec knowledge is a real challenge for enterprises and a real concern for application security professionals. According to the SANS 2016 State of Application Security survey, the lack of AppSec skills, tools and methods was ranked most often as being in the top three challenges to implementing AppSec by respondents.

Pioneering the idea of shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite-sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.

Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.

“Checkmarx has been addressing the security skill challenge for over a decade and once we saw the value we can deliver to our customers by integrating Codebashing’s platform within our solution offering, we knew this would be a game changer for the industry,” said Emmanuel Benzaquen, CEO of Checkmarx.

Gyan Chawdhary, CTO & Founder of Codebashing, has been active in the AppSec community for years. During his journey, he discovered that legacy Computer-Based Training approaches simply don’t resonate with developers.

“The team at Codebashing is very excited to join Checkmarx and we are looking forward to delivering our mutual offerings to millions of developers who will leverage the natural fit between Checkmarx and Codebashing,” said Gyan.

“We knew this was going to be an exciting journey for us when requests started pouring in. Large-scale organizations like Microsoft, Fitbit and Sky, and a whole host of other household names across the tech, retail, and financial verticals, have already implemented our solution to train, refresh and validate their developers’ secure coding techniques,” said John Yeo, CEO & Co-Founder of Codebashing. Regarding the acquisition, Yeo said, “We’ve been working with Checkmarx for a while now and our existing technology integration has proven to be a very natural fit for customers. The acquisition is an obvious force-multiplier, it’s superb for Codebashing’s future growth prospects, and fantastic for our customers.”
