AEC knows how to find and fix security bugs in applications under development. With support of Checkmarx from Israel
6/14/2020
AEC knows how to find and fix security bugs in applications under development. With support of Checkmarx from Israel

EAC, a leading cybersecurity provider, entered into partnership with the leading developer of solutions for the analysis, identification and elimination of security risks in application software. Tools from Checkmarx, an Israeli company, are helping AEC's customers to efficiently reconcile functional and security requirements for their applications under development.

Online communication between enterprises and their customers by way of various computer, web or mobile applications has become an absolute standard nowadays. However, the effort to build one's own applications as a means to keep up with rapid progress, brings along several considerable risks.

The management usually gives preference to business aspects of the application, i.e. its speed, cost-minimization and maximum user-friendliness, over its security. The reason behind is the fact that all these processes comprising testing and verifications are extremely complex and when executed directly by the programmers, the development of each application becomes excessively lengthy and expensive.

AEC has been focusing on the provision of cyber security for a long time now. It can provide its customers with appropriate tools and processes in order not to slow down the development of the application in question, even after all necessary security standards have been introduced. The company's experts guide the customers through gradual changes in processes and definition of security requirements and checks in order to enable their efficient work on the development of applications and at the same time, to ensure the highest possible level of security.

Checkmarx products are among the key tools significantly assisting them with the minimization of security risks for the developed application. "We are happy, because thanks to our partnership with Checkmarx, we have gained access to unique tools significantly streamlining the security management during development," says Maroš Barabas, Head of Product Management in AEC.

These tools developed by the Israeli company enable AEC experts to include the application source code security checks directly into the program development life cycle. This way, all potential security bugs in the code can be found and fixed immediately over the course of the application development, with no undue delays.

"AEC has an extensive background in cybersecurity and DevSecOps, making them a natural fit for the Checkmarx partner program," said Orit Shilvock, Director of EMEA Channels, Checkmarx.

"As organizations in the Czech Republic and around the world work to address security gaps in the applications and software they develop, they're turning to testing tools that streamline and accelerate DevOps workflows and enable the development of a more secure final product. We're excited to add AEC as an authorized reseller of Checkmarx products and anticipate a long, fruitful relationship as they support our services and solutions for years to come." said Orit Shilvock.

The most common way to develop a new application is the so-called in-house development, when a company is programming an entire application on its own. If it is done by means of outsourcing, the customer contracts a third party to have certain things programmed to measure and assumes only the role of an authority placing requirements. In both cases, however, it is also necessary to keep in mind that security requirements have to be included and checked during the delivery acceptance phase.

Due to the fact that AEC experts combine application security methodologies and standards based on the customers' requirements and capabilities, they are able to provide the required quality and level of application security either at the customer's or in case of a third-party developer workforce. And on top of that, the application will be precisely checked in scope of the acceptation criteria by AEC penetration testers in the end and all potential bugs and weaknesses will be found.

The fact that their developers will learn to work in a more secure way is then quite an appreciable bonus for any company. It can therefore be assumed that their future projects will be more secure starting from the design phase and the whole development cycle will become more efficient.

And this is also one of the AEC objectives. "We are helping our customer to be able to manage on his own. We teach him to define security requirements and how to incorporate these requirements into development. When we see that they need it, we will also provide them with appropriate training," concludes Maroš Barabas.