Posts by Sarah Vonnegut:


Why SAST is Essential for a Security Vulnerability Assessment

May 05, 2016 By Sarah Vonnegut | Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.
  And while it’s true that some organizations are better at this than others (or sometimes just luckier), the fact remains that nobody needs to be reminded that security vulnerability assessments are worthwhile.

</Read More>

Why You Need an AppSec Champion on Your Side

May 01, 2016 By Sarah Vonnegut | If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up and running. How can you get your program to work if the team most able to make a difference – the developers – aren’t interested? You need an AppSec Champion on your side.

</Read More>

Need-to-Know AppSec News Stories, April 2016

Apr 21, 2016 By Sarah Vonnegut | We’re starting something new today: An AppSec news story roundup that you can either read or watch via our Whiteboard Roundup below! We look forward to helping our readers stay up-to-date with all they need to know about AppSec – so please let us know what you think below and if we’ve missed any good security stories. 

</Read More>
Mobile Application Security Testing Tools

How to Get More Out of Your Mobile Application Security Testing Tools

Apr 15, 2016 By Sarah Vonnegut | Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It’s up to the organizations releasing applications – which most likely includes you, if you’re reading this – to meet (and exceed) their expectations. If you don’t meet expectations, you’re in bad luck: A 2013 study found that 88% of Americans have negative views of companies with mobile apps or sites that perform poorly or too slowly.

</Read More>
Static Analysis Tools

Static Analysis Tools: All You Need to Know

Apr 08, 2016 By Sarah Vonnegut | Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.

</Read More>
Blog Headers (10)

Secure Application Development: Avoiding 5 Common Mistakes

Apr 01, 2016 By Sarah Vonnegut | It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application development figured out.

</Read More>
Open Source Component Security

How Secure Are Your Open Source Components?

Mar 25, 2016 By Sarah Vonnegut | For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other projects in daily use.
  Yet, for all the positive open source components bring to the table, there is a dark side. For hackers, open source components are a goldmine. Unlike with custom applications developed in organizations, if a hacker finds just one critical vulnerability in the open source code, they can attack any of the hundreds of thousands of systems that use that component in their applications. Just last month, a buffer overflow vulnerability was discovered in the glibc library, allowing attackers to remotely execute malicious code.

</Read More>
Application Security Knowledge

10 Easy Ways to Increase Your Application Security Knowledge

Mar 18, 2016 By Sarah Vonnegut | If you’re new to the world of security, in whatever capacity, gaining a good understanding of AppSec can seem daunting and distant – but don’t fear. Becoming more application security aware doesn’t have to be hard or time-consuming. It can be as easy as taking a few minutes out of every day to advance your application security knowledge to a higher level – no matter where it stands today.

</Read More>
Blog Headers (2)

When Booking Your Flight Becomes Dangerous

Mar 07, 2016 By Sarah Vonnegut | Flying is a pain. Booking flights can be just as annoying. But, as one of Checkmarx’s own recently discovered, booking your flight can also be dangerous. David Sopas, a Portuguese security researcher at Checkmarx who hunts bug on the side, found a common, highly disruptive security vulnerability on one of the largest airlines in the world.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.