{"id":3672,"date":"2020-05-11T10:49:13","date_gmt":"2020-05-11T10:49:13","guid":{"rendered":"https:\/\/ecs-et.com\/?page_id=3672"},"modified":"2020-05-11T17:22:30","modified_gmt":"2020-05-11T17:22:30","slug":"checkmarx-appsec-awareness-solution-cxcodebashing","status":"publish","type":"page","link":"https:\/\/ecs-et.com\/am\/checkmarx-appsec-awareness-solution-cxcodebashing\/","title":{"rendered":"Checkmarx AppSec Awareness Solution (CxCodebashing)"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t

As DevOps continues along its path of domination, organizations are seeking to bring development and security teams closer together to support the release of secure software and faster time-to-market. The needs and benefits of moving security into the realm of the developer are clear \u2013 it saves time, money and company resources. However, the reality is that around 60% of developers* don\u2019t have confidence in the security of their own applications. This gap exists as developers are often underserved when it comes to security strategy. Organizations normally put developers through secure code training once a year, or at best, once a quarter, and hope that from then onwards developers will be able to get on the same page as security teams. While thisapproach \u201cchecks the training box\u201d, it doesn\u2019t not truly cultivate a sustained culture of software awareness.<\/p>\n

Raising AppSec awareness cannot be thought of as a distinct step in the SDLC. It\u2019s all about inserting awareness into every step of the SDLC in a manner that actually fuels faster releases. CxCodebashing was designed exactly for this reason. Through the use of open communication, ongoing engagement, gamified training, and on-the-spot remediation support, security managers can cultivate a culture of software security that empowers developers to think and act securely in their day-to-day work.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

CxCodebashing\u2019s unique value:<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Leveraging Over 13 years of AppSec Experience<\/strong>
\nBeing an integral part of Checkmarx, CxCodebashing
\nmakes use of real-world examples and best practices
\ngained from years of experience with over 1400
\ncustomers around the globe<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Developer-Centric<\/strong>
\nDevelopers \u201cwear the hacker\u2019s hat\u201d as they see all the
\nmoving parts of the application stack that are relevant
\nto explaining the vulnerability<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Training and Beyond<\/strong>
\nProviding security teams with the communication,
\nengagement, training, and assessment tools they
\nneed to execute comprehensive AppSec Awareness
\ncampaigns for developers throughout the year<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Built to Scale<\/strong>
\nLarge enterprise teams are easily be managed and
\ntracked in CxCodebashing with drill-down dashboard
\nanalytics and built-in support for major SAML\/SSO
\nproviders<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\tView or Download Brochure<\/a><\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Just-in-Time Remediation Support<\/strong>
\nVulnerabilities detected in Checkmarx Static Application
\nSecurity Testing (CxSAST) include an easy-to-follow link
\nto the relevant CxCodebashing lesson<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\tView or Download Brochure<\/a><\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>
\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div>
\n\t
\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Raise the AppSec bar<\/strong>
\nCxCodebashing allows organization to raise the baseline AppSec knowledge across their entire development team in a fast, scalable, and positive manner. The philosophy behind the solution is to empower developers long-term, by teaching them how to think and act with a secure mindset, rather than how to solve specific issues. Security managers can create and sustain an open channel of communication, keeping developers up-to-date on AppSec news and activities. Managers have full control and visibility \u2013 they can easily assign specific programming language courses to their teams and continuously track their progress.<\/p>\n

Learn while coding<\/strong>
\nUnlike traditional classroom or video-based training, CxCodebashing is a hands-on, interactive solution that fits into developers\u2019 daily routine. Rather than spending a whole day learning about security vulnerabilities out-of-context, developers receive bite-size, on-demand sessions that are relevant to the specific challenges they are facing in their code.<\/p>\n

Find and fix in one go<\/strong>
\nCheckmarx offers a unique integration between its Static Application Security Testing (CxSAST) solution and secure coding education solution. Vulnerabilities identified by static analysis are linked to practical training lessons, providing quick and pointed remediation guidance. This teaches the developer why the problem happened, how to fix it, and, more importantly, how to prevent making the same mistake again.<\/p>\n

Comply with regulatory standards<\/strong>
\nCxCodebashing is compatible with regulatory standards such as the PCI-DSS that requires either \u201crole based security training\u201d or more specifically \u201cdeveloper security training\u201d.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

Supported Languages and Frameworks <\/strong><\/p>\n\n\t\t<\/div>\n\t<\/div>\n\n\t

\n\t\t\n\t\t
\n\t\t\t
\"\"<\/div>\n\t\t<\/figure>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>
\n\t
\n\t\t
\n\t\t\t

Vulnerability Coverage<\/strong>
\nCxIAST detects input related and application vulnerabilities, including the OWASP Top Ten and more.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

\u2022 SQL Injection
\n\u2022 XXE Injection
\n\u2022 Command Injection
\n\u2022 Session Fixation
\n\u2022 Use of Insufficiently Random Values
\n\u2022 Reflected XSS
\n\u2022 Persistent (Stored) XSS
\n\u2022 DOM XSS<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

\u2022 Directory (Path) Traversal
\n\u2022 Privileged Interface Exposure
\n\u2022 Leftover Debug Code
\n\u2022 Authentication Credentials In URL
\n\u2022 Session Exposure within URL
\n\u2022 User Enumeration
\n\u2022 Horizontal Privilege Escalation
\n\u2022 Vertical Privilege Escalation<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

\u2022 Cross Site Request Forgery (POST)
\n\u2022 Cross Site Request Forgery (GET)
\n\u2022 Click Jacking
\n\u2022 Insecure URL Redirect
\n\u2022 Insecure TLS Validation
\n\u2022 Insecure Object Deserialization
\n\u2022 Components with Known Vulnerabilities<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div>

\r\n\t\t\t\t

CONNECT WITH US<\/h2>\r\n\t\t\t\t
Please fill out the form and send us a message. We will get back to you within 1-3 business days.<\/div>\n<\/div> \r\n\t\t\t<\/div>
\n
\n

<\/p>

    <\/ul><\/div>\n
    \n
    \n<\/fieldset>\n
    \n\t
    \n\t\t
    \n\t\t\t

    <\/span><\/span><\/span>\n\t\t\t<\/p>\n\t\t<\/div>\n\t\t

    \n\t\t\t