Posts by Paul Curran:

what is static code review?

What is Static Code Review?

Jun 30, 2016 By Paul Curran | Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review.
These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits but also fits the requirements set forth by the organization or their customers.

</Read More>
Top JavaScript Frameworks

Top JavaScript Frameworks for Web Applications

Jun 27, 2016 By Paul Curran | JavaScript is the language behind nearly 90% of all websites today, but what are the top JavaScript frameworks for web applications? Since first launching back in September 1995, JavaScript continues to dominate as the most popular programming language in the world.

</Read More>
chinese cyber attacks

Chinese Cyber Attacks from behind the Great Firewall

Jun 14, 2016 By Paul Curran | “All of this suggests that, from China’s view, a global conflict is already underway-in the world of cyberspace.” -Dean Cheng, Chinese Security Expert at the Heritage Foundation, in 2010, in response to nearly a decade of daunting cyber provocations from China.

</Read More>
Verizon 2016 Data Breach Investigation Report

Verizon 2016 Data Breach Investigation Report – Takeaways

Jun 09, 2016 By Paul Curran | For the ninth consecutive year, Verizon has published its annual Data Breach Investigations Report (DBIR). Read on to find out Checkmarx’s key takeaways from the Verizon 2016 Data Breach Investigations Report report.
The 2016 Data Breach Investigations Report is based on a final dataset of 62,199 security incidents and 2,260 data breaches. These incidents affect organizations in more than 82 countries and the victims are organizations varying in both industry and size.

</Read More>

Cyber Crime Statistics Infographic

May 25, 2016 By Paul Curran | How much are cyber attacks costing organizations across the world? Which breaches are the most costly to fix and how prepared are these organizations? Find out in our cyber crime statistics infographic below.

</Read More>

Do Developers at Facebook use PHP Static Analysis Tools?

May 19, 2016 By Paul Curran | Since its humble beginnings, PHP and Facebook have had an interesting relationship. PHP was at the heart of Facebook code, and in many ways still remains that way, but do developers at Facebook use PHP Static analysis tools?

</Read More>

Source Code versus Bytecode Analysis

May 11, 2016 By Paul Curran | In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis.
While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes to gauging inherent software risk, which method will expose more vulnerabilities? Which method should your organization be using?

</Read More>

Cyber Terrorism – How Real is the Threat?

May 04, 2016 By Paul Curran | As our dependency on the internet increases from our phones to our streets, hospitals and cities, so do the threats posed by cyber terrorism. “Cyber terrorism” is a contested term that can erroneously include acts of “hacktivism” and internet vandalism which do not directly threaten the lives and livelihoods of their victims. The potential threats posed by cyber terrorism are daunting, but are they really within the reach of cyber terrorists?

</Read More>

Everyone Talks About Phishing, But No One Blames XSS

Apr 26, 2016 By Paul Curran | Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.