The 10 Most Popular Posts of 2015

Jan 01, 2016 By Sarah Vonnegut

As we say goodbye to 2015 and begin the new year, we’d like to take a moment to reflect on the great year we had on the Checkmarx blog. We’ve covered a huge array of topics, from interviews with ethical hackers to discussions on the importance of integrating security and DevOps, and it’s that variety that shows through in our most popular posts of 2015.

In the new year, we promise to continue writing articles and guides that will help both security professionals and those wanting to learn more about security progress in their AppSec journeys.

For now, these are the ten most popular posts from the Checkmarx blog in 2015 – enjoy!

Checkmarx Blog’s Greatest Hits: The Most Popular Posts of 2015

Vulnerable Hacking Sites & More Hacking Sites

The two most popular posts of the year were the lists of intentionally vulnerable sites dedicated to helping security professionals and ethical hackers hone their skills, so we lumped them together. It’s so great to see that these were the most popular posts, as it means application security and defensive security are finally being taken seriously.

The fact that many developers were also interested in testing their InfoSec skills is another big step towards positive changes in the security industry. Does this mean we’ll see more proactive developers when it comes to security in 2016? This is a good sign pointing to yes!

Read 13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Read 15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

How To Play Game of Hacks

We rolled out our security education and awareness game, Game of Hacks, during the summer of 2014, and it’s been a huge hit ever since. This post offers an overview of the game and details how to play. Game of Hacks, and the popularity of this post, prove again how mainstream security, and AppSec in particular, is becoming around the world.

A sample question in Game of Hacks

Read Secure Coding with Game of Hacks

The Best Cyber Security Blogs On the Web

There is so much to read in the world of application security and even more in the wider security industry. It can be cumbersome to sift through, especially if you don’t have a good idea of the best blogs and news sites to check out on a regular basis. To help InfoSec newbies and other interested parties have a quality AppSec blogroll to check out, we compiled a big list of cyber security blogs and sites to read on a regular basis. With RSS feeds linked for each site listed, creating your own personal RSS security reader was never easier!

Read the 29 Cyber Security Blogs You Should Be Reading

Security Experts to Follow on Twitter

Like the blogosphere, the Twitter universe can be equally tricky to navigate. It’s hard to know who to follow if you don’t know where to start – and with that in mind, we wrote a list of the top security experts on a range of topics to follow on Twitter. If you’re a Tweeter and haven’t checked out this list – now is the time! You can even follow our Twitter list, with added reader suggestions. If you’re looking for further reading suggestions, we added the experts’ blogs, if they keep one.

Read the 21 AppSec & Security Gurus You Should Be Following on Twitter

Security Practices to Always Follow

The last couple of years have seen security responsibility shift dramatically to the left, from the end of the SDLC into the development process itself. In turn, security is now under the purview of developers and other non-security professionals, who need to learn the fundamentals of security quickly.

It’s no surprise to us that this post was one of our top posts of the year – we know that developers and other non-security professionals are interested in increasing their security knowledge. But it’s still a big leap forward to know that developers are seeking out this type of information. If you have a stake in the software and applications released or used by your organization, now is the time to make sure you’re at least familiar with these 9 secure coding practices and how they can be implemented in real life.

Read the 9 Secure Coding Practices You Can’t Ignore

Most Dangerous Code Injections

Code injections have been around since the early days of the internet – and yet applications and organizations continue to fall victim to SQL injection and XSS attacks. Whether in WordPress plugins, children’s toys, government websites or ecommerce platforms, it makes no difference that code injections are well known and easily avoided.

This post discusses the basics of each of the five worst code injections and how sites can fall victim to them if they don’t follow best practices for security. We also discuss the importance and essential role of source code analysis in detecting vulnerabilities throughout the SDLC to cut down on the number of high-risk issues that pop up near the end of the cycle and which may or may not get fixed before the app is released.

Read about the 5 Deadly Code Injections

The All-Too-Common XSS Attack

This post offers more in-depth information on the dangerous and easily preventable Cross-Site Scripting attacks. We dig into the three types of XSS, offer some fast facts about how widespread and potentially lethal XSS can be, and provide a downloadable and printable guide to preventing XSS attacks while building and defending applications.

Read The Definitive Guide to Cross-Site Scripting

Beginner’s Guide to SecDevOps

With DevOps taking over the development world, it’s up to the security industry to ensure we’re ready to secure whatever challenges come our way. We wrote this post as a primer to the principles of DevOps – and how security teams can become much more involved in the process, shifting from being part of the problem to part of the solution.

That this post was one of the year’s most popular speaks volumes about the desire in the security community to be more engaged in the changes that DevOps brings to the SDLC. 2016 is set to be another big year for DevOps, and it’s great that security professionals want to play a positive part in resolving the various security challenges posed by agile development methodologies.

Read Security and DevOps: How To Get Started

Are WAFs All They’re Cracked Up To Be? A Hacker Answers

While a layered approach to security is essential, it’s important to choose the tools you’ll layer onto each other wisely. Web Application Firewalls, or WAFs, have long been considered a perfectly fine way to prevent web app attacks. But Rafay Baloch, an ethical hacker who can easily bypass any WAF, wholeheartedly disagrees.

In the post, Rafay shows how he works his magic, and why he thinks that other tools, such as source code analysis and pen-testing, offer much better value. It’s great to see that application security testing is finally in the limelight, and we think 2016 will finally see Application Security receiving the attention it so desperately needs.

Read Web Application Firewalls: Ethical Hacker Exposes His Secrets

Security for Developers: The Resources You Should Know

From OWASP to CERT to StackExchange, we laid out some of the best resources that developers can turn to when they have an AppSec question. As with the 9 Secure Coding Practices post above, it was exciting to see that developers are seeking out guidance and the resources that will help them better secure the applications they spend so much time and energy on. It’s clear that the “security as another factor of quality” way of approaching security is catching on among more than just the InfoSec community.

Read the 21 AppSec Resources No Developer Should Be Without

Have any posts you want to see us write in 2016? Let us know below!

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.