
RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle

Another year, another RSA Conference USA in the books! From talking software security and DevOps with thousands of attendees, to launching new research and solutions, and hosting a SoulCycle fitness class for AppSec professionals, we had a blast at this year’s show and couldn’t be more grateful to all who helped make it such a success.

Being a seasoned security professional who has attended RSA Conference for many years, I’ve observed that many of the products and solutions one can find at the show are primarily designed to help manage the symptoms or the results of coming under a cyber-attack. What I’ve also observed is that on the flip side, organizations are still struggling to take proactive and preventative steps to protect their software and applications from the outside-in, before a malicious incident takes place.

With that said, I have seen a shift: today’s organizations increasingly acknowledge that reducing or nearly eliminating the coding errors that lead to vulnerabilities tremendously reduces their overall software risk. Organizations also understand that the way they develop and depend on software has changed, and never has it exposed them to more risk. It was more evident than ever this year from the conversations we had at our booth and around the show that developers and organizations fully agree that security must be inseparable from software development.

Checkmarx Booth Presentations at RSA Conference USA

To kick off RSA Conference, last Monday, Checkmarx announced the launch of its CxFlow orchestration module for our Software Security Platform that tightly integrates with application release orchestration and agile planning tools. This results in improved operational ‘flow’ of secure software development and the delivery of more actionable vulnerability findings. CxFlow also drives faster adoption by reducing friction between development, DevOps, and DevSecOps, and enabling automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools.

Since organizations agree that they must address vulnerabilities in their software during development, today they are looking for ways to integrate application security testing (AST) solutions in an automated fashion within their development pipelines. Notably, CxFlow is the only AST solution that offers end-to-end automation – from scanning to ticketing.

On Tuesday, we invited a group of AppSec professionals to join a SoulCycle fitness class hosted by Checkmarx. This 45-minute workout had all of us spinning at the speed of DevOps. Afterwards, attendees were given the opportunity to talk with our experts about their application security needs over some fresh, healthy juices.

Checkmarx SoulCycle Group at RSA Conference USA

On Wednesday, the Checkmarx Security Research team released an important piece of research pertaining to the Trifo Ironpie Smart Vacuum. During the team’s investigation, several high- and medium-severity security vulnerabilities were discovered, including an exploit path that would let malicious actors tap into the device’s camera and live-streaming functionality. A summary of the vulnerabilities can be seen in this blog. Additionally, a video of our team exploiting the discovered vulnerabilities can be found here.

Trifo Ironpie Smart Vacuum

Simultaneously on Wednesday, we hosted a roundtable breakfast at The Cavalier, gathering multiple security leaders, including our own Erez Yalon, Head of Security Research, along with Anders Wallgren, VP of Technology Strategy at Cloudbees, James Wickett, Senior Security Engineer at Verica, and Jimmy Mesta, Director of Security Research at Signal Sciences. The group, along with a few influential media members, reflected on the current state of application and software security, specifically drilling down into API security issues, common flaws with modern IoT devices, and security challenges today’s organizations most prominently face.

Gathering at The Cavalier

Continuing on the research front, Erez was accepted to speak during the conference in the notable RSAC Sandbox. In his session on Thursday morning, he addressed an engaged crowd about the Android vulnerability research that the Checkmarx Research Team published in November 2019. Given the ‘Human Element’ theme of this year’s RSA Conference, Erez focused heavily on the hacker’s point of view, giving an inside look at how adversaries think and escalate vulnerabilities, from an initial entry point to a full-fledged exploit. The talk was well-attended and reached an important security audience.

Erez Yalon During His Presentation in the RSA Sandbox

Finally, we’re proud to say that Checkmarx was recognized multiple times throughout RSA Conference, most notably winning a 2020 Cyber Defense Magazine InfoSec Award for AppSec and being listed in CRN’s roundup of the 20 ‘Coolest’ Web, Email & AppSec companies. Additionally, Checkmarx was named a finalist for two SC Media awards – a prestigious shortlist to be included on.

At the end of the week, the Checkmarx team was pretty worn out to say the least. However, just like every other industry tradeshow, sore feet and tired bodies are the sign of a job well done and a successful event! Since Checkmarx is dedicated to building software security solutions that address the root cause of nearly every successful attack by finding, classifying, reporting, and demonstrating where and how to fix vulnerabilities in software, we think it’s imperative to attend these events and get the word out to those who are in need of integrated software security solutions that fit within DevOps.

Follow us on our social media channels (Twitter, Facebook, LinkedIn) to find out the next event we’ll be at!


*** This is a Security Bloggers Network syndicated blog from Blog – Checkmarx authored by Stephen Gates. Read the original post at: https://www.checkmarx.com/2020/03/05/rsa-2020-wrap-up-from-software-security-to-soulcycle/