Checkmarx

Company type: Private
Industry: Software security, application security
Founded: 2006
Founders: Maty Siman (CTO), Emmanuel Benzaquen (former CEO)
Headquarters: Atlanta, Georgia, US
Key people: Sandeep Johri (CEO)
Website: checkmarx.com

Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States. [1] Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."


History

Checkmarx was founded in 2006 by Maty Siman, the company's CTO, and Emmanuel Benzaquen, its CEO from 2006 to 2023, and has over 900 employees. [2] [1] Sandeep Johri has served as CEO since February 2023. The application security platform is designed for CISOs, AppSec managers, security advisors, and software developers.

On July 17, 2017, Checkmarx acquired Codebashing and started offering it as a service to help developers learn secure coding practices with gamified modules in their chosen programming language. [3] In 2018, it also acquired Custodela, a company that provides software security program development as well as consulting services. [4] [5]

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, a software that detects backdoors and malicious attacks in the software supply chain. [6]

In 2021, the company launched Checkmarx One, a cloud-native enterprise application security platform, which became its best-known product. It offers enterprises a full suite of application security testing tools to enable DevSecOps, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), supply chain security (SCS), API security, container security, and infrastructure-as-code security (KICS), [7] as well as Checkmarx Codebashing. [1] [8]

Checkmarx One also includes Checkmarx Fusion, a scan correlation engine (83% of scans are currently cross-correlated in Checkmarx One deployments), and CheckAI.

In January 2022, the company launched the AppSec Program Maturity Assessment (APMA), a service that helps users determine the exact phase of their AppSec program and the steps required to complete it. In the same month, Checkmarx Optimizer was also launched, which helps reduce application security testing alert fatigue.

On May 31, 2023, Checkmarx introduced CheckAI, the first set of GenAI solutions to help accelerate AppSec. It includes the AI Query Builder for SAST and IaC Security. In addition, on July 13, 2023, Checkmarx launched a plugin that helps users secure their code generated by GenAI, such as ChatGPT.

Application Security Research

Checkmarx's research department is known for uncovering technical vulnerabilities in popular technologies, software, applications, and IoT devices. [2]

In November 2019, the company's security research team uncovered a number of vulnerabilities affecting Google and Samsung smartphones. The vulnerabilities allowed an attacker to take remote control of smartphone apps, giving them the ability to take photos, record video and conversations, and identify the phone's location. The research team submitted a report to the Android security team at Google and continued to provide feedback as the vulnerabilities were addressed. [9] [10]

In January 2020, Checkmarx detailed multiple security vulnerabilities with the Trifo Ironpie robot vacuum. [11] The company has also uncovered issues with Amazon Alexa, [12] [13] Meetup, [14] and Tinder, [15] [16] among others.

In August 2022, Checkmarx researchers found vulnerabilities in the Ring Android app, which could have allowed malicious applications to be installed on the user's phone to expose personal data, geolocation, and camera recordings. [17] The same year, Checkmarx uncovered malicious activity from the LofyGang [18] and RED-LILI.

In the first half of 2023, Checkmarx's supply chain research team detected several open-source software supply chain attacks that specifically targeted the banking sector. These attacks showcased advanced techniques, including attaching malicious functionality to specific components of the victim bank's web assets.

Reception

Gartner named Checkmarx a Leader for six consecutive years (2018 to 2023) in the Gartner Magic Quadrant for Application Security Testing. It was also recognized by customers on Gartner Peer Insights as a Customers' Choice for Application Security Testing for the fourth consecutive year.

In 2021, Checkmarx won three gold Cybersecurity Global Excellence Awards for 'Software,' [19] 'Application Security,' [20] and 'Best Cybersecurity Company (500-999 employees).' [21] Checkmarx was also named a Strong Performer in The Forrester Wave™: Software Composition Analysis, Q3 2021.

In 2022, Checkmarx earned a Fortress Cyber Security Award. [22]

In 2023, Checkmarx was recognized as a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023 [23] and a Strong Performer in The Forrester Wave™: Software Composition Analysis, Q2 2023. [24] The same year, the Checkmarx One™ Platform received a 2023 DEVIES Award in the DevSecOps category. [25]

Funding

Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange. [26] [27] [28] In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million. [28] [1] [2]

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG, [29] acquired Checkmarx for $1.15 billion. [1] [2] [30] After the acquisition, Insight Partners retained a minority interest in the company. [1] [31]


References

  1. "Hellman & Friedman Acquires Checkmarx for $1.15B". Dark Reading. 16 March 2020. Retrieved 2024-05-06.
  2. "Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B". TechCrunch. 16 March 2020. Retrieved 2020-09-01.
  3. Bridgwater, Adrian. "Playing Games To Learn Code, Checkmarx Acquires Codebashing". Forbes. Retrieved 2020-09-04.
  4. Wenkert, Amarelle (2018-11-08). "Cybersecurity Company Checkmarx Buys Ontario-based Custodela". CTECH (calcalistech.com). Retrieved 2020-09-09.
  5. "Checkmarx Acquires Custodela". Dark Reading. 8 November 2018. Retrieved 2020-09-09.
  6. "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. 5 August 2021.
  7. "Checkmarx debuts new Keeping Infrastructure as Code Secure solution". SD Times. 25 February 2021. Retrieved 2021-05-03.
  8. Columbus, Louis. "Why Security Needs To Be Integral To DevOps". Forbes. Retrieved 2020-09-01.
  9. Winder, Davey. "Google Confirms Android Camera Security Threat: 'Hundreds Of Millions' Of Users Affected". Forbes. Retrieved 2020-09-02.
  10. "Bugs From Big Tech Beg the Question: Should You Cover Your Smartphone Camera?". Fortune. Retrieved 2020-09-04.
  11. Hautala, Laura. "Hackers can peep through this smart vacuum's camera, research shows". CNET. Retrieved 2020-09-04.
  12. "Turning an Amazon Echo Into a Spy Device Only Took Some Clever Coding". Wired. Retrieved 2020-09-02.
  13. Ng, Alfred. "Amazon Alexa flaw would have let hackers listen in". CNET. Retrieved 2020-09-02.
  14. Winder, Davey. "Meetup Security Flaws Exposed 44 Million Members To Data Loss And Payment Threat". Forbes. Archived from the original on August 4, 2020. Retrieved 2020-09-04.
  15. "Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes". Wired. Retrieved 2020-09-02.
  16. Murnane, Kevin. "Amazon's Alexa Hacked To Surreptitiously Record Everything It Hears". Forbes. Retrieved 2020-09-02.
  17. Purdy, Kevin (18 August 2022). "Ring patched an Android bug that could have exposed video footage". Ars Technica. Retrieved 18 August 2022.
  18. "LofyGang is a software supply chain threat actor".
  19. "2021 Cybersecurity Industry Solution Awards – Winners". 24 February 2021.
  20. "2021 Cybersecurity Product / Service Awards – Winners". 25 February 2021.
  21. "2021 Cybersecurity Company Awards – Winners". 25 February 2021.
  22. "100 Named in 2022 Fortress Cyber Security Awards". bintelligence.com. Retrieved 7 June 2022.
  23. "Checkmarx Named a Leader in Static Application Security Testing (SAST) by Independent Research Firm" (Press release). Retrieved 20 September 2023.
  24. Worthington, Janet. "The Forrester Wave™: Software Composition Analysis, Q2 2023". Forrester. Retrieved 13 June 2023.
  25. "Checkmarx Wins 2023 DEVIES Award in DevSecOps Category". Retrieved 15 February 2023.
  26. Scheer, Matt (2020-07-27). "Security Checks When Submitting Apps to the Salesforce ISV Team". crmscience. Retrieved 2020-11-13.
  27. "Checkmarx Raises Funding From Salesforce.com, Ofer Hi-Tech". TechCrunch. Retrieved 2020-09-04. [permanent dead link]
  28. "Insight Venture Partners to buy Israeli co Checkmarx". Globes (en.globes.co.il) (in Hebrew). 2015-06-17. Retrieved 2020-09-09.
  29. "In $1.15 Billion Deal, Hellman & Friedman Acquires DevOps Firm Checkmarx". Israel Defense (israeldefense.co.il). 17 April 2020. Retrieved 2020-10-21.
  30. "3 Israeli cybersecurity firms win Black Unicorn Awards". ISRAEL21c. 2019-08-22. Retrieved 2020-10-21.
  31. Novinson, Michael (2020-06-24). "The Biggest 10 Cybersecurity Acquisitions Of 2020 (So Far)". CRN. Retrieved 2020-09-04.