Carsten Huth

Checkmarx, Team leader for Technical Account Management and AppSec Advisory

Carsten has over 15 years of experience in InfoSec and over 10 years of experience in application security. He has carried out numerous AppSec program rollouts and deployments as a professional services consultant, later becoming a practice principal and managing a team of software security consultants across Europe. When he joined Checkmarx in 2016, Carsten initially worked as the company's first Technical Account Manager (TAM), managing Checkmarx's largest accounts in EMEA. Shortly after joining, Carsten started building a team of technical account managers around him and, a year later, a team of AppSec advisors as well. Carsten has contributed to the OWASP OpenSAMM standard and has presented at various application security conferences.

  • Towards Establishing High Standards for Secure Software in Public Procurement Processes
    The importance of high security standards for software products and their source code in public procurement processes continues to grow. It is essential to ensure that any software delivered as the result of a public procurement process adheres to high standards of application security. Software in the public sector has consistently high requirements with regard to confidentiality, integrity and availability. Checkmarx has long-standing experience in providing methodologies and best practices for secure development, as well as the technical solution to check the security of the source code and open source components included in a software product delivered through public procurement. Two key aspects are (1) assessing the maturity of the supplier's secure software development process and how the supplier can provide evidence that its development process follows high security standards, and (2) requiring suppliers to provide documentation of the results of the technical solutions/tools used to verify the security of the software and its source code. In this talk I will give an introduction to the best practices to follow and our proposed approach, drawn from long-standing experience in application security.

  • Discussion
    Discussion of invited speakers:
    Andrej Bederka, Digitálna Koalícia
    Carsten Huth, Checkmarx
    Peter Kampa, SOFTEC
    Richard Kiškovač, MIRRI
    Martin Sulík, NASES
     
  • Digital transformation without compromising trust
    In the age of ubiquitous internet access and widespread use of smartphones, citizens expect the public sector to meet demands for easier, faster and more flexible access to services. This also creates new challenges for public sector information security: since citizens, patients, taxpayers, vehicle users, etc. expect to be able to access services conveniently online, data from different sources must be integrated and combined, and access to confidential information must be highly secure. The challenge is to support this digital transformation without compromising the trust and security of the service consumer.
    The underlying software used in this environment needs to be built for a cloud-native technology stack and secured from the ground up. Software in SaaS scenarios needs to be built for frequent deployment and consists of microservices orchestrated together to provide the end-user experience the service consumer expects (at all public sector levels, from local services to national administration). This is where application security builds the foundation for finding vulnerabilities early in the software development lifecycle, such as preventing trust boundary violations, checking API security (to secure microservices interacting with each other), and checking for known vulnerabilities in open source components. All of these checks are needed both in the software supply chain and in the individual customisations of software products provided by larger vendors. Checkmarx provides solutions both for large vendors and for the local customisations developed on top of those products.
