The AppSec How-to: 10 Steps to Secure Agile Development

In Agile’s fast-paced environment of frequent releases, security reviews and testing can sound like an impediment to success. How can you keep up with the Agile demands of continuous integration and continuous deployment without abandoning security best practices? Companies have found the following ten practices helpful in achieving a holistic secure Software Development Life Cycle (SDLC) process in an


We’re so excited… and we just can’t hide it! Checkmarx is a finalist at the GSC Awards

We are happy to share the news: Checkmarx is a finalist in the Global Security Challenge! GSC 2013 seeks to discover the most promising young companies, university spin-offs and concept projects from around the world, capable of providing the next generation of cyber protection and leading the charge against some of the biggest threats of today


Joomla’s Security State: WordPress Is Not Alone

Two months ago Checkmarx published research revealing the security state of WordPress’s 50 top plugins. Another CMS now joins the list, and this time it’s Joomla: a simple vulnerability was exploited to infect thousands of websites with malware. The sites were hacked to serve up the prevalent Blackhole exploit kit, which in turn infected users’ systems


SVN Static Code Analysis

Subversion (SVN) is designed to help software developers on collaborative projects manage their source code. It tracks each commit and the changes within the code, so it is easy to review the code and ensure that it is in line with the expectations of the development team. However, it doesn’t have built-in support for SVN


Static Code Analysis with Eclipse

There are several options for static code analysis within Eclipse, and they all come in the form of plugins. Code coverage (a measure of test depth rather than a static analysis in itself) can be monitored with EclEmma, which uses a straightforward traffic-light warning system to report whether your unit testing goes deep enough. FindBugs delivers bytecode analysis, and it works


Static Code Analysis for Java

With so many applications being developed in Java, there is an acute awareness of the importance of application security, and one of the most effective ways to integrate security into the software development life cycle is through static code analysis. When it comes to static code analysis for Java, there are many options for examining the code through plugins


PHP Static Code Analysis

PHP static code analysis is necessary if you want to ensure that your PHP code delivers secure applications. There are plenty of options on the market for PHP static code analysis, including Klocwork, Atlassian, Checkmarx, etc. However, the real trick in selecting the right tool is to choose one which is accurate, so


Jenkins Static Code Analysis

Jenkins is a continuous integration server that monitors repeated executions of jobs (builds, tests, deployments) in a software environment. It works much like CruiseControl and offers a single, simple-to-use continuous integration system. Developers can then execute test cycles more easily, and the latest build can be quickly and efficiently delivered
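The Eclipse and Jenkins teasers above both point at the same practical step: running a static analyzer on every build and failing the build when it reports a serious finding. The script below is an added example written for this page, not Checkmarx’s code and not part of any of the linked posts. It assumes the analyzer writes FindBugs-style XML (a BugCollection of BugInstance elements carrying priority and category attributes, as FindBugs’ -xml output does) and that any priority-1 finding in the SECURITY category should block the build; the embedded report is a constructed sample, not real scanner output.

```python
"""Build gate for a FindBugs-style XML report, meant to run as a Jenkins shell step.

Added example (not Checkmarx's or the Jenkins/FindBugs projects' code).
Assumptions, labelled as such:
  * the report follows the FindBugs XML layout (BugCollection/BugInstance with
    'priority' and 'category' attributes and a child SourceLine element);
  * the build must fail on any priority-1 finding in the SECURITY category.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report for demonstration; not output from a real scan.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<BugCollection version="3.0.1">
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" category="SECURITY">
    <Class classname="com.example.UserDao"/>
    <SourceLine classname="com.example.UserDao" start="42" end="42" sourcefile="UserDao.java"/>
  </BugInstance>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
    <Class classname="com.example.Report"/>
    <SourceLine classname="com.example.Report" start="10" end="10" sourcefile="Report.java"/>
  </BugInstance>
  <BugInstance type="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER" priority="1" category="SECURITY">
    <Class classname="com.example.HelloServlet"/>
    <SourceLine classname="com.example.HelloServlet" start="27" end="27" sourcefile="HelloServlet.java"/>
  </BugInstance>
</BugCollection>
"""


def parse_findings(xml_text):
    """Flatten every BugInstance into a dict with type, priority, category and location."""
    root = ET.fromstring(xml_text)
    findings = []
    for bug in root.iter("BugInstance"):
        loc = bug.find("SourceLine")
        findings.append({
            "type": bug.get("type", "UNKNOWN"),
            # FindBugs priorities: 1 = high, 2 = normal, 3 = low. Missing -> treat as low.
            "priority": int(bug.get("priority", "3")),
            "category": bug.get("category", ""),
            "file": loc.get("sourcefile", "?") if loc is not None else "?",
            "line": int(loc.get("start", "0")) if loc is not None else 0,
        })
    return findings


def blocking_findings(findings, max_priority=1, categories=("SECURITY",)):
    """Findings severe enough to fail the build under the policy assumed above."""
    return [f for f in findings
            if f["priority"] <= max_priority and f["category"] in categories]


def summarize(findings):
    """Count findings per (category, priority) for the build log."""
    return Counter((f["category"], f["priority"]) for f in findings)


def gate(xml_text):
    """Evaluate a report; return (exit_code, log_lines). Exit 1 fails the Jenkins step."""
    findings = parse_findings(xml_text)
    blocking = blocking_findings(findings)
    lines = [f"{len(findings)} finding(s) total"]
    for (category, priority), count in sorted(summarize(findings).items()):
        lines.append(f"  {category:<10} priority {priority}: {count}")
    for f in blocking:
        lines.append(f"BLOCKING {f['type']} at {f['file']}:{f['line']}")
    return (1 if blocking else 0), lines


if __name__ == "__main__":
    # With a path argument read the real report; without one, run on the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, log_lines = gate(text)
    print("\n".join(log_lines))
    sys.exit(code)
```

In a Jenkins job, an “Execute shell” build step such as `python findbugs_gate.py target/findbugsXml.xml` (file names are assumptions) is enough to wire this in: Jenkins marks the build failed whenever the step exits non-zero, so a new priority-1 SECURITY finding stops the build and the log shows exactly which file and line introduced it. Keep the policy in `blocking_findings` deliberately narrow at first; gating on every low-priority warning in an existing code base usually leads teams to disable the check rather than fix the findings.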
