Posts by Sarah Vonnegut:


This Week In Application Security News: December 2 – 8

Dec 08, 2013 By Sarah Vonnegut | In this week’s news update, we’re all just tiny specks on the NSA’s enormous surveillance map, Obama can’t have an iPhone like his cooler daughters, the Brightest Flashlight app has a dark history of data stealing, and more.


Cache of 2 Million Account Details For Facebook, Google, Yahoo Users Discovered

Dec 05, 2013 By Sarah Vonnegut | Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.


CISOs: Pre-Planning Your Application Security Program

Dec 03, 2013 By Sarah Vonnegut | Application security is never a ‘one-and-done’ deal. It is ongoing, ever-evolving, and its centrality in organizations ever-growing. As technology’s scope and complexity increase, the emphasis on application security needs to grow as well; no matter which stage of the maturity model you are in, application security is a constant in your approach.


This Week In Application Security News: Nov. 25 – Dec. 1

Dec 01, 2013 By Sarah Vonnegut | Winner of the ‘Worst Week’ award goes to James Howells, who this week realized he threw away a hard drive with 7,500 Bitcoins worth over $7.5 million in current BTC value. Read about his million dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.


2,000+ Websites Vulnerable With Ruby on Rails Flaw

Nov 28, 2013 By Sarah Vonnegut | A new exploit, discovered by a white-hat hacker, puts users of over 2,000 websites in danger of attack. Older versions of Ruby on Rails, a popular open source web application framework, employ a defective session management system that could affect the users of the thousands of sites that run it. G.S. McNamara, a security researcher based in D.C., first found the vulnerability back in September. The exploit is an Insufficient Session Expiration weakness, and McNamara says it’s fairly common. It’s especially dangerous on shared computers with lots of daily user turnover, such as in libraries or internet cafes.


Cybersecurity Checklist For Holiday Shopping & Travel

Nov 27, 2013 By Sarah Vonnegut | For many in the U.S., the Thanksgiving weekend officially begins at the end of today’s work day, and with it the holiday season. This year there will already be enough pains to deal with: congested roads, packed stores and airports, not to mention messy weather. One headache you can avoid is cybercrime, so take these fairly simple steps to keep yourself and your gadgets secure while traveling and shopping.


This Week In Application Security News: November 18-24

Nov 24, 2013 By Sarah Vonnegut | Start your week on top of all the most recent application security news: bug bounty programs proved their real worth with a major find in Gmail, Cupid Media was shot with a hacked bow, Twitter stepped up its privacy plan, and more. We’ll get you up to speed on all of AppSec’s latest!


Reviewing Scan Results in Checkmarx CxSuite [Video]

Nov 22, 2013 By Sarah Vonnegut | In this SlideShare video, we demo the process of reviewing the source code analysis results and the steps you need to take to repair the vulnerabilities. Explore how the CxSuite solution, using state-of-the-art code flow visualization, discovers vulnerable locations and shows the points at which to best fix the issue and mitigate further risk.

Related Resources:
A Picture Is Worth A Thousand LoC: Using Code Flow Visualization for Optimal Vulnerability Remediation
A Successful SAST Implementation [White Paper]


Operation #AppSecTip 2014 Is Here!

Nov 20, 2013 By Sarah Vonnegut | We’re excited to announce the launch of the Checkmarx AppSecTips survey! From now until the end of the year, we invite all application security experts and enthusiasts to visit and add your professional advice and tips for handling application security. The winner of the top tip, announced on January 1st, will receive the year’s best tech gift: the AR Drone.

