Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States.[1] Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."

Checkmarx
Company type: Private
Industry: Software security, application security
Founded: 2006
Founders: Maty Siman (CTO), Emmanuel Benzaquen (former CEO)
Headquarters: Atlanta, Georgia, US
Key people: Sandeep Johri (CEO)
Website: checkmarx.com

History

Checkmarx was founded in 2006 by Maty Siman, the company's CTO, and Emmanuel Benzaquen, its CEO from 2006 to 2023, and has over 900 employees.[2][1] Sandeep Johri has served as CEO since February 2023. The company's application security platform is aimed at CISOs, AppSec managers, security advisors, and software developers.

On July 17, 2017, Checkmarx acquired Codebashing and began offering it as a service that teaches developers secure coding practices through gamified modules in their chosen programming language.[3] In November 2018, it acquired Custodela, an Ontario-based company providing software security program development and consulting services.[4][5]

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, a startup whose software detects backdoors and malicious code in open-source software supply chain dependencies.[6]

In 2021, the company launched Checkmarx One, a cloud-native enterprise application security platform that became its best-known product. It offers enterprises a suite of application security testing tools for DevSecOps, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), supply chain security (SCS), API security, container security, infrastructure-as-code security (KICS, Keeping Infrastructure as Code Secure),[7] and Checkmarx Codebashing.[1][8]

Checkmarx One also includes Checkmarx Fusion, a scan correlation engine that cross-correlates results from the platform's different scanners (83% of scans in Checkmarx One deployments are reported to be cross-correlated), and CheckAI.

In January 2022, the company launched the AppSec Program Maturity Assessment (APMA), a service that helps organizations determine the current maturity phase of their AppSec program and the steps required to advance it. In the same month, it launched Checkmarx Optimizer, which is intended to reduce alert fatigue from application security testing.

On May 31, 2023, Checkmarx introduced CheckAI, its first set of generative-AI (GenAI) features for application security, including an AI Query Builder for SAST and IaC Security. On July 13, 2023, it released a plugin intended to help users secure code generated by GenAI tools such as ChatGPT.

Application Security Research

Checkmarx's research department is known for uncovering technical vulnerabilities in popular technologies, software, applications, and IoT devices.[2]

In November 2019, the company's security research team disclosed a number of vulnerabilities affecting Google and Samsung smartphones. The vulnerabilities allowed an attacker to take remote control of the phones' camera apps, making it possible to take photos, record video and conversations, and identify the phone's location. The team reported the issues to the Android security team at Google and continued to provide feedback as they were addressed.[9][10]

In January 2020, Checkmarx detailed multiple security vulnerabilities with the Trifo Ironpie robot vacuum.[11] The company has also uncovered issues with Amazon Alexa,[12][13] Meetup,[14] and Tinder,[15][16] among others.

In August 2022, Checkmarx researchers disclosed vulnerabilities in the Ring Android app that could have allowed a malicious application installed on the user's phone to expose personal data, geolocation, and camera recordings.[17] The same year, Checkmarx uncovered malicious activity by the software supply chain threat actors LofyGang[18] and RED-LILI.

In the first half of 2023, Checkmarx's supply chain research team detected several open-source software supply chain attacks that specifically targeted the banking sector. The attacks used advanced techniques, including attaching malicious functionality to specific components of the victim bank's web assets.

Reception

Gartner named Checkmarx a Leader in the Gartner Magic Quadrant for Application Security Testing for six consecutive years (2018 to 2023). Customers on Gartner Peer Insights also named it a Customers' Choice for Application Security Testing for the fourth consecutive year.

In 2021, Checkmarx won three gold Cybersecurity Global Excellence Awards, for 'Software',[19] 'Application Security',[20] and 'Best Cybersecurity Company (500-999 employees)'.[21] It was also named a Strong Performer in The Forrester Wave: Software Composition Analysis, Q3 2021.

In 2022, Checkmarx earned a Fortress Cyber Security Award.[22]

In 2023, Checkmarx was named a Leader in The Forrester Wave: Static Application Security Testing, Q3 2023[23] and a Strong Performer in The Forrester Wave: Software Composition Analysis, Q2 2023.[24] The same year, the Checkmarx One platform received a 2023 DEVIES Award in the DevSecOps category.[25]

Funding

Checkmarx's early investors included Salesforce, which remains a partner: Checkmarx provides security reviews for apps submitted to the Salesforce AppExchange.[26][27][28] In 2015, the U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million.[28][1][2]

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG,[29] acquired Checkmarx for $1.15 billion.[1][2][30] After the acquisition, Insight Partners retained a minority interest in the company.[1][31]

References

1. "Hellman & Friedman Acquires Checkmarx for $1.15B". Dark Reading. 16 March 2020. Retrieved 2020-09-01.
2. "Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B". TechCrunch. 16 March 2020. Retrieved 2020-09-01.
3. Bridgwater, Adrian. "Playing Games To Learn Code, Checkmarx Acquires Codebashing". Forbes. Retrieved 2020-09-04.
4. Wenkert, Amarelle (2018-11-08). "Cybersecurity Company Checkmarx Buys Ontario-based Custodela". CTECH - www.calcalistech.com. Retrieved 2020-09-09.
5. "Checkmarx Acquires Custodela". Dark Reading. 8 November 2018. Retrieved 2020-09-09.
6. "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. 5 August 2021.
7. "Checkmarx debuts new Keeping Infrastructure as Code Secure solution". SDTimes. 25 February 2021. Retrieved 2021-05-03.
8. Columbus, Louis. "Why Security Needs To Be Integral To DevOps". Forbes. Retrieved 2020-09-01.
9. Winder, Davey. "Google Confirms Android Camera Security Threat: 'Hundreds Of Millions' Of Users Affected". Forbes. Retrieved 2020-09-02.
10. "Bugs From Big Tech Beg the Question: Should You Cover Your Smartphone Camera?". Fortune. Retrieved 2020-09-04.
11. Hautala, Laura. "Hackers can peep through this smart vacuum's camera, research shows". CNET. Retrieved 2020-09-04.
12. "Turning an Amazon Echo Into a Spy Device Only Took Some Clever Coding". Wired. Retrieved 2020-09-02.
13. Ng, Alfred. "Amazon Alexa flaw would have let hackers listen in". CNET. Retrieved 2020-09-02.
14. Winder, Davey. "Meetup Security Flaws Exposed 44 Million Members To Data Loss And Payment Threat". Forbes. Archived from the original on August 4, 2020. Retrieved 2020-09-04.
15. "Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes". Wired. Retrieved 2020-09-02.
16. Murnane, Kevin. "Amazon's Alexa Hacked To Surreptitiously Record Everything It Hears". Forbes. Retrieved 2020-09-02.
17. Purdy, Kevin. "Ring patched an Android bug that could have exposed video footage". arstechnica.com. Retrieved 18 August 2022.
18. "LofyGang is a software supply chain threat actor".
19. "2021 Cybersecurity Industry Solution Awards – Winners".
20. "2021 Cybersecurity Product / Service Awards – Winners".
21. "2021 Cybersecurity Company Awards – Winners".
22. "100 NAMED IN 2022 FORTRESS CYBER SECURITY AWARDS". bintelligence.com. Retrieved 7 June 2022.
23. "Checkmarx Named a Leader in Static Application Security Testing (SAST) by Independent Research Firm". Retrieved 20 September 2023.
24. Worthington, Janet. "The Forrester Wave: Software Composition Analysis, Q2 2023". forrester.com. Retrieved 13 June 2023.
25. "Checkmarx Wins 2023 DEVIES Award in DevSecOps Category". Retrieved 15 February 2023.
26. Scheer, Matt (2020-07-27). "Security Checks When Submitting Apps to the Salesforce ISV Team". crmscience. Retrieved 2020-11-13.
27. "Checkmarx Raises Funding From Salesforce.com, Ofer Hi-Tech". TechCrunch. Retrieved 2020-09-04.
28. "Insight Venture Partners to buy Israeli co Checkmarx - Globes". en.globes.co.il. 2015-06-17. Retrieved 2020-09-09.
29. "In $1.15 Billion Deal, Hellman & Friedman Acquires DevOps Firm Checkmarx | Israel Defense". www.israeldefense.co.il. 17 April 2020. Retrieved 2020-10-21.
30. "3 Israeli cybersecurity firms win Black Unicorn Awards". ISRAEL21c. 2019-08-22. Retrieved 2020-10-21.
31. Novinson, Michael (2020-06-24). "The Biggest 10 Cybersecurity Acquisitions Of 2020 (So Far)". CRN. Retrieved 2020-09-04.