Exclusive: Checkmarx on the state of API security and keeping developers safe
According to Gartner research, 60% of organisations will harden their software delivery pipelines to protect against supply chain security attacks by 2025. APIs are becoming significantly more exposed, leading to security issues across all spectrums of a business. This is why it is important to have the right security software solutions in place.
Checkmarx is a global software security company that helps developers create breakthrough apps, meet deadlines, and ship securely.
Having been a driving force in the security space for 15 years, the company says that they are constantly pushing the boundaries of Application Security Testing to make security seamless and straightforward for developers while also giving CISOs the confidence and control they need.
A significant focus for the company is giving development and security teams accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs, and infrastructure as code.
Currently, over 1,600 customers, including nearly half of the Fortune 50, rely on Checkmarx's security technology, expert research, and global services to securely optimise app development at speed and scale.
As proof of its global reach, Checkmarx has a sales presence in 23 countries and incorporated its Asia Pacific regional headquarters in Singapore in November 2017. Checkmarx also has offices in Australia, China, India, and South Korea.
When looking at the company's technology, the Checkmarx One Platform is one of the key drivers in delivering effective solutions.
The platform is delivered from the cloud and is designed to support on-premises, cloud, and hybrid development environments. Checkmarx One identifies security issues, improves remediation and code security throughout the software development life cycle, and ensures software remains secure from a developer's first code commit through the push to production.
It is a single solution spanning the complex landscape of custom code, open source components, Infrastructure-as-Code (IaC) deployments, and open source supply chain, allowing application code to be more efficiently and effectively secured.
“The Checkmarx One Application Security Platform fits right into an automated DevOps environment and addresses all stages of the SDLC, enabling our customers to accelerate delivery of secure software,” says Checkmarx CEO Emmanuel Benzaquen.
Other integrated solutions that are part of the Checkmarx portfolio include Checkmarx SAST, which automatically scans at the source code level for vulnerabilities early in the development life cycle, and Checkmarx SCA, which is a software composition analysis solution designed to help development teams manage open source vulnerability and licence risk.
There is also Checkmarx Codebashing, a flexible and focused gamified training platform to teach developers how to code more securely, and KICS by Checkmarx, which acts as a scalable, open source solution that automatically parses common IaC files of any type to detect insecure configurations that could expose applications, data or services to attack.
New developments have also recently been introduced to the market. One of these is Checkmarx Fusion, a context-aware correlation engine that enables complete visibility into applications, component interactions, and bills of materials.
There is also a new MSSP Program to assist companies in growing their MSSP business and an API Security solution that has been named the first true “shift-left” API security solution.
“As an early innovator in the application security testing market, Checkmarx has been relentless in our mission to continuously innovate and lead the industry with solutions that dramatically improve software security while meeting the evolving needs of the modern software development landscape,” says Benzaquen.
“Checkmarx is bringing a developer-first approach to detecting supply chain attacks in code packages, leveraging a comprehensive suite of threat intelligence, behavioral intelligence and machine-learning models.