Checkmarx Launches New AI-Powered Capabilities to Enhance Application Security
Introduction
On May 31, 2023, Checkmarx, the global leader in application security solutions, announced its new AI Query Builders and AI Guided Remediation designed to assist development and application security (AppSec) teams in identifying and remediating application vulnerabilities more accurately within the Checkmarx One™ Application Security Platform.
The Power of AI Query Builders
The AI Query Builders offer AI-driven features aimed at helping CISOs, AppSec teams, and application developers deliver secure code faster. Checkmarx SAST provides a flexible approach to increasing static coverage: AI Query Builder for SAST gives developers and AppSec teams AI-generated custom SAST queries that fine-tune their results, modify existing queries, and add new use cases, increasing coverage while reducing false positives by up to 90% and improving developers’ alert accuracy.
Checkmarx IaC Security presents a new query builder that lets developers, cloud engineers, and AppSec teams add new IaC queries with no prior knowledge of the query language, generating queries from simple text input. The queries are built by GPT without sharing user files or data, and can be executed alongside the built-in queries in IaC Security or Keep-it-Compliant and Secure (KICS) by Checkmarx, making it the first AI query builder available for open source.
The Importance of AI Guided Remediation
AI Guided Remediation offers actionable remediation guidance within integrated development environments (IDEs), helping developers understand IaC and API misconfigurations without additional resources. With it, organizations can address issues within their IaC templates promptly, reducing management overhead, boosting developer adoption, and delivering more secure applications quickly.
According to Checkmarx CEO Sandeep Johri, the Checkmarx innovation brings more accurate and guided application security solutions to the industry, using generative AI to disrupt and transform the way developers secure applications. “We’re proud to push the industry forward with new AI-driven capabilities and to support CISOs and AppSec leaders to better support their development teams, making AppSec more effective and comprehensive as part of cloud and digital transformation.”
The Benefits of Checkmarx One
Purpose-built for cloud-native application development, Checkmarx One offers a highly scalable platform that integrates seamlessly with developers’ tools and IDEs of choice. The platform features context-sensitive correlation engine Checkmarx Fusion, along with API Security, Supply Chain Security, Supply Chain Threat Intelligence, and comprehensive threat modeling, enabling the industry’s most comprehensive and innovative application security approach.
The Role of Checkmarx in the Community
Checkmarx Chief R&D Officer Kobi Tzruya stated that the company's enterprise customers directly influence its technology roadmap. Understanding their challenges, along with the opportunities brought by complementary technologies, keeps the company focused on the AppSec solutions customers will need ten years from now while speeding up the time-to-delivery today. With these new capabilities in Checkmarx One, the company accommodates the requirements of both security and development teams within one platform.
Recently, the Checkmarx AppSec research team discovered a vulnerability in the OpenAI ChatGPT signup process enabling “unlimited” credit on new accounts. They disclosed this vulnerability to the OpenAI security team and worked collaboratively to close it.
Conclusion and Advice
Checkmarx’s launch of AI Query Builders and AI Guided Remediation demonstrates its commitment to delivering innovative and comprehensive application security solutions. However, given concerns about the potential abuses of AI technology, it’s important to question how the models behind the AI-generated queries in these tools were trained. Additionally, there’s a need for companies like Checkmarx to provide clear guidelines and practices on AI usage to help prevent the misuse of AI solutions.
In an era where cyberattacks are rampant and evolving, it’s necessary to invest in securing applications. As such, businesses must collaborate with security professionals to ensure they have the best solutions for their specific needs. By combining AI capabilities with context-sensitive correlation engines and comprehensive threat modeling, the industry’s most innovative and comprehensive application security approach can be implemented.