Posts by carolineb:


Automated CloudSpokes Code Testing & Analysis with Thurgood

Apr 25, 2013 By carolineb | We’d like to introduce you to Thrugood, CloudSpokes new tool- providing a quality and security analysis of submitted challenge code.
Thurgood provides you with information so you can determine if you want to tweak your submission based upon security reviews, add additional test coverage or resubmit if you’ve forgotten files that caused your build to fail.

</Read More>

Anonymous attacks in Israel, April 2013 on “Israel Today” news

Apr 07, 2013 By carolineb | Following Anonymous cyber attacks in Israel on April 7th, 2013 we are providing free source code scans in order to assist local companies to secure their software.
We were proud to see our names on the “Israel Today” newspaper.

</Read More>

“It will never happen to me”- thoughts about security awareness

Mar 28, 2013 By carolineb | Today’s targeted cyber-attacks force organizations to act rapidly and involve more and more security professionals in order to secure their software. Security education awareness focuses on the need to involve developers in the security testing process. These are great blog posts surrounding security awareness and education; we thought it’s worth a share.

</Read More>

The Binary Shake- directly from Harlem

Mar 12, 2013 By carolineb | There are 10 types of people in the world, those who understand binary and those who dance it.

</Read More>

Mobile app security testing- are you checking for all the flaws?

Mar 11, 2013 By carolineb | By Kevin Beaver I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite). If you’re a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together getting in the app stores. I’ve used CxDeveloper to find flaws in iOS and Android-based apps that may not be discovered via traditional testing such as: Code injection
Session fixation
Path traversal
Weak passwords
Hard-coded cryptographic keys …all things that I’m not smart enough to find on my own. Nor do I have the time. For a few years now, I’ve dealt with the folks at Checkmarx and everyone from their CTO to their Director of Marketing – and a few others in between – has been super nice and responsive to my sometimes ridiculous requests.

</Read More>

Playtech deploys the Checkmarx SAST solution in a complex dev environment

Mar 07, 2013 By carolineb | Continuously acquiring new companies, Playtech integrates new and diverse technologies into its platform, developing programs on the scale of millions of lines of code. As a result, Playtech places a lot of emphasis on application security.
The company implements a structured Secure Development Lifecycle (SDL) methodology, whereby software security is taken into consideration in every step of the SDLC – namely –during the requirements, design, implementation, development & QA phases. We are glad to have Playtech as a customer of our SAST (Static Analysis Security Testing) tool. The security team at Playtech loves Checkmarx because of the flexibility and independence it provides them to do their job. Being a small security team within such a large company, the task of staying up to date with the ever growing code base is a great challenge. Using compilation based SAST tools required achieving a build and compilation errors in the process of achieving a build consumed a lot of precious time of the security team and often required assistance from the R&D team. Read more     Playtech is the world’s largest online gaming software supplier traded on the London Stock Exchange’s Main Market.

</Read More>

Hacking is more common than people think

Mar 06, 2013 By carolineb | Source: onlinecollegecourses

</Read More>

Your Source for RSA2013 live updates! { }

Feb 21, 2013 By carolineb | Optimize your RSA2013 experience and get live updates from Vendors, Speakers and Press at

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.