This webinar demonstrates the value of combining the powerful and easy-to-use Checkmarx CxSAST engine with the application vulnerability correlation capabilities of the ThreadFix vulnerability resolution platform to create a comprehensive application security program. Specifically, it will examine: Correlating Checkmarx CxSAST results with DAST scans via Hybrid Analysis Mapping to help developers maximize the value from both security testing approaches and increase the confidence in testing results Using Checkmarx CxSAST and ThreadFix’s HotSpot identification technology to highlight vulnerable components developed and shared within your organization Onboarding Checkmarx CxSAST scanning results and operations into ThreadFix to get up and running quickly Integrating both Checkmarx CxSAST and dynamic application security testing into developers’ CI/CD pipelines to reduce critical metrics like mean-time-to-discover and mean-time-to-fix

1. © 2016 Denim Group – All Rights Reserved
Running a Comprehensive
Application Security Program with
Checkmarx and ThreadFix
September 15, 2016
1
Matt$Rose
Global'Director'of'Application'Security'Strategy,
Checkmarx
Dan$Cornell
CTO,'Denim'Group

2. © 2016 Denim Group – All Rights Reserved
Agenda
• State of Application Security
• Checkmarx Overview
• ThreadFix Overview
• ThreadFix / Checkmarx Integration
2

3. Checkmarx
Secure SDLC
with
ThreadFix
Matt Rose – Global Director Application Security
Strategy, Checkmarx
Dan Cornell – CTO, Denim Group

4. WHAT ACTUALLY
MATTERS IN
APPLICATION
SECURITY
TESTING?

5. SECURITY PROFESSIONALS WANT TO TEST, DEVELOPERS WANT TO CODE
Proprietary and Confidential | All Rights Reserved

6. Test
CHECKMARX CREATES YOUR SDLC A SECURE SDLC
Ticketing
/Bug
Tracking
Systems
Build
(self test)
Release
Decision
Backlog
Design
Develop
Security Gate
Scanning
Developer IDE
Plugins
Trending and Reporting
Data Export API
Scan Automation
SVN TFS
CLI, Web Services API
TFS
Bamboo
Web Service API
CLI
Build
Servers
Proprietary and Confidential | All Rights Reserved

7. The Software you sell or develop for
your customers needs to be secure. Be
proactive and use your Application
Security program as a differentiator
This leads to:
Less vulnerabilities
Lower costs
Far more secure applications
Satisfied Customers
BOTTOM LINE
Proprietary and Confidential | All Rights Reserved

8. © 2016 Denim Group – All Rights Reserved
ThreadFix Overview
• Create a consolidated view of your
applications and vulnerabilities
• Prioritize application risk decisions based on
data
• Translate vulnerabilities to developers in the
tools they are already using
3

9. © 2016 Denim Group – All Rights Reserved
ThreadFix Overview
4

10. © 2016 Denim Group – All Rights Reserved
Create a consolidated
view of your
applications and
vulnerabilities
5

11. © 2016 Denim Group – All Rights Reserved
Application Portfolio Tracking
6

12. © 2016 Denim Group – All Rights Reserved
Easy Checkmarx CxSAST Import

13. © 2016 Denim Group – All Rights Reserved
Vulnerability Consolidation
8

14. © 2016 Denim Group – All Rights Reserved
Prioritize application
risk decisions based on
data
9

15. © 2016 Denim Group – All Rights Reserved
Vulnerability Prioritization
10

16. © 2016 Denim Group – All Rights Reserved
Prioritization with Hotspot

17. © 2016 Denim Group – All Rights Reserved
Reporting and Metrics
12

18. © 2016 Denim Group – All Rights Reserved
Translate vulnerabilities
to developers in the
tools they are already
using
13

19. © 2016 Denim Group – All Rights Reserved
Defect Tracker Integration
14

20. © 2016 Denim Group – All Rights Reserved
Questions and Contact
ThreadFix
www.threadfix.it
Checkmarx
www.checkmarx.com