Challenges and Solutions - Black Hat (slide transcript)
Slide 2: About Checkmarx
• Founded in 2006
• Enterprise-grade application security solutions: SAST | RASP | Application Security Education
• Hundreds of Fortune 500 and SMB customers
• ~150 employees worldwide
• Fanatical support
Awards:
• “Leader” in the 2014 AST Wave
• “Challenger” in the 2014 AST Magic Quadrant, and the only vendor to score a perfect 5 in the 2014 AST Critical Capabilities Report
• Fastest Growing Security Company in Israel, 2014 Tech Fast 500
• Red Herring EMEA Top 100 Winners
Slide 3: High-profile breaches
(Chart: breach timeline, labelled 2013, 2014, Latest)
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Slide 4: Challenges
Slide 5: Challenge #1: Lack of secure coding knowledge
(Illustration labels: Developers, Security Manager)
Slide 6: Solution #1: Education & Awareness
• Application security education and awareness are needed throughout the entire development and deployment organization
• Explain the impacts of insecure code
• Measure your developers by quality and security
• Get buy-in from your developers
• Make sure developers have something to gain
• Make the process transparent for developers
Slide 7: Solution #1: Scan & Fix - see where and how to fix the vulnerability
(Diagram labels: What to fix, Where to fix, How to fix, Who should fix)
Slide 8: Challenge #2: Outnumbered
(Illustration labels: Developers, Security Manager)
Slide 9: Solution #2: Automate the process
(Integration diagram labels: Developers; Source repository; Fix suggestions; Build management; Auditor control panel; Bug tracking; SVN; TFS; TFS; Bamboo; Web Service API; CLI; CxAudit; Checkmarx web client; TeamMentor; Dashboards; DAST; Integrations)
Enforce your security policy in the SDLC
Slide 10: Challenge #3: Lack of budget
Slide 11: Solution #3: SAST reduces the number of security bugs
(Chart: y-axis "# Bugs / year"; x-axis "Timeline": Today, +6 months, +12 months; series: Pen Testing / DAST, Centralized SAST, SAST as part of the SDLC)
Slide 12: SAST ROI
(Chart: y-axis "Percentage of Bugs"; x-axis: development phases. Legend: bars = defects introduced at this dev phase; dollar values = cost of repairing at this dev phase.)
Cost of repairing a defect by phase:
• Coding: $25
• Unit Tests: $100
• Function Test: $250
• Field Test: $1000
• Post release: $16000
85%: most vulnerabilities are created during coding (callout: "resolve your vulnerabilities here")