Posts by Sarah Vonnegut:

Six Steps to Secure Software Development in the Agile Era

Apr 20, 2017 By Sarah Vonnegut | Written in 2001, the Agile Manifesto launched an evolution in software development that has unfolded over the past decade and a half. Moving from waterfall development to rapid development and into the Agile methodology, software companies around the world have adopted at least some of the Agile processes and practices. And for many organizations, the evolution has paid off – at least in some parts of the business.

7 Ways to Win Over Your CISO

Mar 22, 2017 By Sarah Vonnegut | Security maturity, as cliché as it sounds, is a journey – not a destination. Security is never “done”; there is always more to be done, new technologies or processes to secure, evolving business objectives with which to align. The great part about being on the security team is that you don’t have to be the CISO, or Chief Information Security Officer, to make some real changes. If you’re a dedicated security professional, you can absolutely help guide how security is implemented in your organization, as well as how security is perceived. Not only are these activities good for the company as a whole as well as the security team – your good work is often reflected back on you, personally – and can help you in your professional journey.

The History of Application Security Testing – Part 2

Mar 16, 2017 By Sarah Vonnegut | Last week, we discussed the early history of computer security, tracing back to World War II and the “bombe”. This week, we’re looking back to the origins of the internet and how application security testing became an invaluable part of enterprise security. Here we go!
Read Part 1 of The History of Application Security Testing HERE

The History of Application Security Testing – Part 1

Feb 27, 2017 By Sarah Vonnegut | Information Security is an ancient field, with its earliest recorded origins pointing to Julius Caesar himself. Keeping sensitive information secure is obviously nothing new, but the techniques used continue to get overhauls every few years as our world and technology continues to innovate. Web Application Security is of course only as “old” as web apps themselves. But to read the history of Information Security and Web Application Security Testing is not only fascinating, but can also be massively helpful in helping create a more secure future. So, without further ado, read on for a brief history of security in general and application security testing in specific.

A First Timer’s Guide to the RSA USA Conference: 2017 Edition

Feb 07, 2017 By Sarah Vonnegut | Each February, the security world comes together in the techiest city in the world for a packed week of seminars, keynotes, checking out the latest and greatest security technologies, and of course, lots of parties. If you’ve never been to the RSA Conference and are planning on going in just a few short weeks – you’re in for a wild ride!

DevOps & The Secure SDLC: Breaking Down Barriers with DevSecOps

Feb 02, 2017 By Sarah Vonnegut | The adoption of DevOps in enterprises around the world has created a whole new meaning to constant, rapid innovation and delivery. Iteration after iteration, DevOps is designed to improve the end product endlessly, pushing the limits of speed and collaboration.

General Data Protection Regulation: A Short Guide to Data Security in the GDPR

Jan 09, 2017 By Sarah Vonnegut | A new wave of privacy and security reform is about to sweep through Europe – and it affects most of the world, as well. After years of back-and-forth and heated discussions about the current state of data security, the European Union has adopted a new data protection framework, called the General Data Protection Regulation, or GDPR. This Regulation is a totally new legal framework for how personal data is used and processed, and applies well beyond the borders of Europe.

The Best Ways to Ensure a Lasting Secure SDLC

Aug 05, 2016 By Sarah Vonnegut | To start the discussion on why a Secure SDLC is more important now than ever, we need to take a look at the evolution in applications and how they’re being secured. Both applications and the way organizations are tasked with securing them have changed dramatically over the past few decades.

The 13 Most Helpful Pentesting Resources

Jul 26, 2016 By Sarah Vonnegut | Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.