Posts by Sarah Vonnegut:


AppSec Metrics That Matter

Jul 11, 2017 By Sarah Vonnegut | Metrics matter. Metrics are important because they tell you, stakeholders and budget planners how well you’re meeting your set goals. Metrics give your program visibility and are the only way to effectively communicate the value of your application security program. If you simply go through the AppSec motions of scanning and fixing, you have no insight into how effective your application security program is or whether you’re hitting either your security goals or business goals.

Australia’s Mandatory Breach Notification Bill – 3 Ways to Prepare Your Organization

Jul 03, 2017 By Sarah Vonnegut | Governments are increasingly taking control of cybersecurity issues for the citizens and organizations they serve. Just last year, Europe passed the General Data Protection Regulation, or GDPR, which requires businesses that handle European citizens’ data to notify customers if they experience a data breach, as well as report it to the regulatory body. In the US, 47 out of 50 states have established state legislation touching on data breach notification requirements, and Canada requires hacked organizations to notify both customers and the Privacy Commissioner.

An A to Z Guide to Continuous Integration

Jun 25, 2017 By Sarah Vonnegut | The race to improve software quality and innovation has been around since the 1970s. Many processes and workflows have been created to help address the historical issues that prevent teams from developing high-quality applications quickly and reliably, yet enterprises continue their struggle to keep up.  

How to Raise Cybersecurity Awareness at all Levels of Your Organization

Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discuss and share privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.  

Why Your Enterprise Needs DevOps

Jun 12, 2017 By Sarah Vonnegut | The buzzword of the decade is far from just a trend as organizations struggle to keep up with competition. There’s a reason DevOps is so often discussed and highly regarded. As organization after organization makes the switch and reaps the rewards offered by the DevOps culture, it’s time for all those who could enjoy DevOps to at least try it out. Successful organizations have found that by improving software development at every stage, they can also improve on quality, stability, and business benefits. Curious? Let’s find out why your enterprise needs DevOps.

5 Steps to Stand Out with your AppSec Routine

Jun 01, 2017 By Sarah Vonnegut | In most organizations, Application Security is sadly behind in adoption, especially when compared to Network Security. And yet, with 84% of attacks aimed at the application layer, we need to turn our focus more towards AppSec. As we use and deploy more and more apps, the interdependencies between them complicate internal infrastructures, leading to more opportunities for misconfigurations and holes that could be used by attackers.  

Six Steps to Secure Software Development in the Agile Era

Apr 20, 2017 By Sarah Vonnegut | Written in 2001, the Agile Manifesto launched an evolution in software development that has unfolded over the past decade and a half. Moving from waterfall development to rapid development and into the Agile methodology, software companies around the world have adopted at least some of the Agile processes and practices. And for many organizations, the evolution has paid off – at least in some parts of the business.    

7 Ways to Win Over Your CISO

Mar 22, 2017 By Sarah Vonnegut | Security maturity, as cliche as it sounds, is a journey – not a destination. Security is never “done”; there is always more to be done, new technologies or processes to secure, evolving business objectives with which to align. The great part about being on the security team is that you don’t have to be the CISO, or Chief Information Security Officer, to make some real changes. If you’re a dedicated security professional, you can absolutely help guide how security is implemented in your organization, as well as how security is perceived. Not only are these activities good for the company as a whole and for the security team; your good work is often reflected back on you personally and can help you in your professional journey.

The History of Application Security Testing – Part 2

Mar 16, 2017 By Sarah Vonnegut | Last week, we discussed the early history of computer security, tracing back to World War II and the “bombe”. This week, we’re looking back to the origins of the internet and how application security testing became an invaluable part of enterprise security. Here we go!
Read Part 1 of The History of Application Security Testing HERE