2016 Corporate Presentation
PRESENTATION
2016.
ABOUT US
Hitech, Retail, Finance, Health & Insurance, Gov & Defense, Gaming, Consulting, Media, Telecom
- Confidential -
WHAT ACTUALLY MATTERS IN APPLICATION SECURITY TESTING?
DEVELOPERS WANT TO CODE. APPSEC WANT TO TEST
NO SECURITY SOFTWARE WORKS SITTING ON THE SHELF
DEVELOPERS’ ADOPTION IS THE MOST IMPORTANT CRITERION OF SECURITY TESTING
CHECKMARX – CHOOSE WHAT DEVELOPERS USE
CHECKMARX MAKES SECURITY TESTING EASIER TO SWALLOW
FITTING IN SEAMLESSLY WITH HOW DEVELOPERS WORK
OUR OFFERING.
CHECKMARX OFFERING
Static Application Security Testing (SAST)
Open Source Analysis (OSA)
SDLC
Security Gate
Client Operated
Checkmarx as a Service (Fully Managed service)
IDE integration
Vulnerable line of code
Where to fix?
Detailed remediation advice
FLUENT IN ALL MAJOR LANGUAGES
No complex command-line or wizards required
No dependencies need to be configured
$960
Checkmarx
detects here
$240
$80
“Using Checkmarx is easier than other tools.”
“Checkmarx is loved by both our infosec team and our developers.”
- Vitaly Osipov, Information Security Expert, Atlassian
- Kobi Lechner, Information Security Manager, Playtech
“…over 2.5 Billion LoCs scanned to date and over 2 Million vulnerabilities detected…
“Checkmarx’s technology is highly accurate, and easy to use.”
Figure: # Bugs/year against Timeline (Today, +6 months, +12 months); labels: PenTesting, DAST, Security Gate, SAST
AppSec Program: Tools, Skills, Processes
AppSec Offering
Product Service
Security Gate
SDLC
SOLUTION TYPES
AppSec
Security Gate
(Developers)
SDLC
(Developers)
Advanced security training for AppSec team
Define KPIs for success
Remediation Advice
Written remediation advice action + plan on next steps
Ticketing & Reporting
Automated bug reports in tracking system and integrate with external SDLC dashboards
Automated scans as part of a build process
Developer access to results via IDE
Online project scan results. Removal of main FP results.
Project scan report
Onboarding + Installation
Production ready. Configuration, documentation and administration training.
UNDER THE HOOD
CHECKMARX SAST ARCHITECTURE
Code & Flow DB
Security Beyond
Query Security
Detection Engine
CHECKMARX SDLC INTEGRATION POINTS – AGILE
Develop
Developer IDE Plugins Build Servers
Bamboo CLI
SVN TFS
Release
Decision CLI, Web Services API
Security Gate Scanning
VULNERABILITY COVERAGE - COMPLIANCE
?!?!
HUH..?
SQL..?
CHALLENGE #2: OUTNUMBERED
Time
Late Entry
DEMO.