DEVOPSdigest

Checkmarx announced availability of a new secure coding eLearning platform, called AppSec Coach, providing Checkmarx customers the ability to address one of the greatest challenges in the software industry when it comes to application security: finding an effective way to provide developers knowledge and skills to write secure code.

The new capability is a significant addition to the Checkmarx application security testing portfolio, which helps to sharpen the skills developers need to fix vulnerabilities and write secure code. This new add-on provides in-context, bite-sized secure coding training modules, available when and where the developer needs to fix the code. AppSec Coach, integrated within Checkmarx CxSAST source code analysis solutions, is the first of its kind for developer security education and the new offering strengthens the Checkmarx commitment to developer enablement.

Lack of developer secure coding skills and awareness is continuously named as one of the most significant challenges organizations face across all verticals. As reiterated in the SANS 2016 State of Application Security survey, developer education is seen as the most effective tool to enhance the application’s security state. However, that same survey shows that implementing effective and continuous education is still the top challenge for these same organizations.

Checkmarx AppSec Coach, integrated within CxSAST, is a fun and engaging approach to get developers the knowledge they need at the time and place they need it most. By providing in-context, interactive, bite-sized educational modules, AppSec Coach ensures developers are trained exactly on what they need, when they need it, without pulling them out of their daily work routine.

“Skills shortages will continue to be a problem as new technologies emerge,” says Johannes Ullrich, Ph.D, Dean of Research for the SANS Technology Institute. “Skills shortages have, historically, been a problem for almost all InfoSec disciplines. Organizations will need to continue to leverage training and education to develop their skill sets.”

“It's no secret that the ability to deliver secure applications eventually depends on the developer's ability to avoid the pitfalls a hacker would exploit,” says Nir Livni, VP of Products at Checkmarx. “Introducing AppSec Coach serves that exact purpose. AppSec Coach allows organizations to further shift left their remediation activities, and moreover, to write secure code to begin with. This will not only reduce development and remediation costs, but also reduce the overall time to market.”