Posts by Sarah Vonnegut:

Secure SDLC-01

The Best Ways to Ensure a Lasting Secure SDLC

Aug 05, 2016 By Sarah Vonnegut | To start the discussion on why a Secure SDLC is more important now than ever, we need to take a look at the evolution in applications and how they’re being secured. Both applications and the way organizations are tasked with securing them have changed dramatically over the past few decades.

</Read More>
Pentesting Blogs

The 13 Most Helpful Pentesting Resources

Jul 26, 2016 By Sarah Vonnegut | Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.

</Read More>
Pokemon malicious mobile

Malicious Mobile Apps and Pokemon GO Hacks: A Brief History + Infographic

Jul 18, 2016 By Sarah Vonnegut | The Pokemon GO craze has blown up since it was released on July 6th, with the number of daily users topping Tinder, Snapchat, Instagram and Facebook. Video after video depicts people you never thought would be into Pokemon roaming around public parks and stores with their phone in their hand, on the hunt for Jigglypuffs and Pikachus.  

</Read More>
devops + security-01

4 Keys To Integrating Security into DevOps

Jul 01, 2016 By Sarah Vonnegut | Faster, predictable releases, lower development costs, and a market constantly demanding new features and products have made the ecosystem ripe for the emergence of a new way of developing software. The development world responded to those demands, bringing the DevOps movement from unknown into the mainstream. Multiple releases a day would have been unheard of 10 to 15 years ago. Today it’s the norm.

</Read More>
Data Security & Integrity

The Importance of Database Security and Integrity

Jun 24, 2016 By Sarah Vonnegut | Databases often hold the backbone of an organization; Its’ transactions, customers, employee info, financial data for both the company and its customers, and much more. are all held in databases, often left to the power of a database administrator with no security training. Database security and integrity are essential aspects of an organization’s security posture. Yet where data used to be secured in fire-proof, ax-proof, well-locked filing cabinets, databases offer just a few more risks, and due to their size nowadays, database security issues include a bigger attack surface to a larger number of potentially dangerous users.  

</Read More>
OWASP Mobile Top 10 Vulnerabilities

OWASP Mobile Top Ten: Avoiding The Most Common Mobile Vulnerabilities

Jun 10, 2016 By Sarah Vonnegut | Another week, another mobile app fiasco. This time around, we learned how an IoT connected car can be controlled through the WiFi installed in the car, enabling Mitsubishi Outlander car owners – as well as attackers – to wirelessly connect to the car’s console, allowing them to do things like turn off the car alarm and mess with the car’s system.
  Even tech giants as big as Apple have struggled with mobile app insecurity issues. Last September, the App Store was hit with its own security scandal when Chinese developers used unofficial versions of Apple’s developer toolkit. That move invited malware into apps that somehow passed through Apple’s security standards and were made available to the masses.   Technology is moving fast – perhaps a bit too fast, if we’re factoring in the ability of organizations to implement high security standards throughout the ranks. But slowing down is not a possibility – security cannot afford to lag behind.

</Read More>

A Quick Guide to Ethical Hacking + Top Hacking Tools

May 16, 2016 By Sarah Vonnegut | They say the best defense is a great offense – and with application security, that’s certainly a big factor in staying ahead of the hackers. Organizations keen on keeping malicious hackers out of their systems will use any number of offensive measures as a way to find the kinds of holes attackers could use against them. Penetration testing, among other forms of offensive security, is perfect for the job – and ethical hacking has become an important part of an organization’s security program. 

</Read More>

What Type of Hacker Are You?

May 10, 2016 By Sarah Vonnegut | While movies and TV shows have made the term ‘hacker’ variations of awful stereotypes, all sorts of hackers, good and bad exist in the world. Maybe you’re one of them – or perhaps you wish you were. Want to know what type of hacker you’d be if you were? Take the quiz and find out!

</Read More>

OpenSSL Vulnerabilities: Takeaways from the Latest Patch

May 06, 2016 By Sarah Vonnegut | The OpenSSL project this week released a series of patches to combat six vulnerabilities that have been discovered as of late, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was actually inadvertently implemented as part of the fix for the Lucky 13 flaw that was discovered in 2013.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.