Regardless of the motivation or objectives, almost every cyberattack relies to some extent on exploiting vulnerabilities in code, which is why application security is one of the core elements of effective cybersecurity. However, the complexity of code and the development and deployment process make it increasingly difficult to manage application security. This week at RSA, Checkmarx announced Checkmarx Fusion to simplify the complexity and streamline application security testing.
Checkmarx Fusion
Organizations that develop code understand the importance of application security. It’s not that they are unaware of or ignoring the issue. The challenge is that they have a variety of tools for testing code security at different stages of the development lifecycle, but the results from those tools are not correlated. The pace of development requires a consolidated understanding of application security to streamline production and deployment.
“Development teams test tens of millions of lines of code monthly. With the complexity of modern applications – which include source code, open source code, Infrastructure-as-Code, containers, and more – developers and their AppSec leaders have a critical need for visibility into how application components interact,” said Checkmarx Chief Product Officer Razi Sharir in the press release.
Checkmarx Fusion is a context-aware correlation engine that provides a holistic view of application security. It enables visibility into the applications, component interactions, and bills of materials to provide a consolidated view of application security scan results across the software lifecycle. More importantly, Checkmarx Fusion correlates and prioritizes vulnerabilities, so AppSec teams have the information they need to focus on remediating the most critical issues first.
Four Pillars of Comprehensive AppSec
“The breadth of capabilities in Checkmarx’s portfolio, which spans SAST, SCA, IAST, and IaC security, delivered in a unified platform is an advantage in the highly competitive DevSecOps market space,” declared Melinda-Carol Ballou, Research Director for IDC’s Application Life-Cycle Management (ALM) program, in the Checkmarx press release. “The platform’s developer focus, along with DevOps toolchain integrations and contextualized training, can increase developer performance and lighten the load of security testing, permitting the rapid delivery of more secure applications.”
The press release for Checkmarx Fusion explains that the solution empowers developers and AppSec teams with four key pillars:
- Visibility: Provides threat modeling by mapping threats in a visual, intuitive graph containing all software elements, consumed cloud resources, and relationships between them. Checkmarx Fusion extrapolates potential vulnerabilities within two or more scans that might otherwise escape detection.
- Correlation: Adds context to the silo scanners by combining and correlating results from static code scans and runtime scans, effectively eliminating false positives.
- Prioritization: Focuses developers and AppSec teams on solving the most critical issues by prioritizing vulnerabilities based on their real impact and risk.
- Cloud-Native: Leverages cloud-native architecture including microservices, cloud resources, containers, and APIs while correlating insights from pre-deployment to runtime.
Visit the Checkmarx Booth
Checkmarx Fusion is available now as part of Checkmarx One—a comprehensive application security testing platform. If you are at RSA, stop by Booth 1755 in the South Hall to talk with the Checkmarx team and learn more about Checkmarx Fusion.