Why don’t developers have a ‘spellchecker’ for security?

Built-in security education

Checkmarx is one of several vendors looking to address that very issue. “We take source code, and do the analysis on 10 or 100 lines of code, allowing the developers to see the vulnerabilities at a very early stage,” said Amit Ashbel, director of product marketing at Checkmarx. “And then we take

Top Culture Changes to Make DevOps a Reality – Part 2

The most important culture change required to embrace DevOps in an organization is to forget about the traditional silo approach. Departments are no longer responsible for their own delivery but rather everyone is responsible to deliver. While this sounds a bit like staring through rosy glasses, the fact is that the whole idea of DevOps

13 IT leaders confess their scary stories and deep, dark fears

Doomed to repeat mistakes

“In my many years of experience helping some of the largest organizations in the world roll out effective application security programs utilizing SAST the scariest trend I have seen is that application security takes a back seat to new features being released to the market or a hard release date. Application

Secure Software Development Tips – Interview with Josh Feinblum

The fourth, and final, interview in our 2016 National Cyber Security Awareness Month series is with Josh Feinblum, the VP of Information Security at Rapid7. In this series, we have gotten tips for accelerating application security with Dan Cornell of the Denim Group, received insights about managing open source security with Rami Sass of WhiteSource

The state of testing within application security

Testing is an integral part of application security (AppSec), but according to the SANS State of Application Security report recently commissioned by Checkmarx, how organisations test is very diverse. The report identifies how organisations test, who is responsible for testing, what organisations are finding and how they are remediating those bugs and vulnerabilities. In this

7 Secure Cyber Security Interview Questions (and Answers)

The dreaded job interview. From small talk to tough questions – it’s the true testing time for the interviewee. But if you’re the interviewer, control – and advantage – is on your side. When interviewing candidates for job positions that involve secure coding, i.e. development, QA, or related information security roles, what should you ask?

The Importance of Application Security Awareness Training – Interview with Maty Siman

The third in our series of 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Maty Siman, founder and CTO here at Checkmarx. Maty is passionate about secure programming and moving secure development education and awareness away from the “back seat” that security has traditionally taken for programmers. Read Maty’s advice for organizations who want to scale

7 Point Plan for Sustainable Secure Coding Practices

Gartner estimates that through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Month after month, major organizations face major hacks and breaches which often involve security vulnerabilities that are well known to security professionals. From SQL injections to weak encryption, the astronomical
