Posts by Sarah Vonnegut:

appsec-champ2-01

Why You Need an AppSec Champion on Your Side

May 01, 2016 By Sarah Vonnegut | If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up and running. How can you get your program to work if the team most able to make a difference – the developers – aren’t interested? You need an AppSec Champion on your side.

</Read More>
April-News-Blog-01

Need-to-Know AppSec News Stories, April 2016

Apr 21, 2016 By Sarah Vonnegut | We’re starting something new today: An AppSec news story roundup that you can either read or watch via our Whiteboard Roundup below! We look forward to helping our readers stay up-to-date with all they need to know about AppSec – so please let us know what you think below and if we’ve missed any good security stories. 

</Read More>
Mobile Application Security Testing Tools

How to Get More Out of Your Mobile Application Security Testing Tools

Apr 15, 2016 By Sarah Vonnegut | Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It’s up to the organizations releasing applications – which most likely includes you, if you’re reading this – to meet (and exceed) their expectations. If you don’t meet expectations, you’re in bad luck: A 2013 study found that 88% of Americans have negative views of companies with mobile apps or sites that perform poorly or too slowly.

</Read More>
Static Analysis Tools

Static Analysis Tools: All You Need to Know

Apr 08, 2016 By Sarah Vonnegut | Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.

</Read More>
Blog Headers (10)

Secure Application Development: Avoiding 5 Common Mistakes

Apr 01, 2016 By Sarah Vonnegut | It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application development figured out.

</Read More>
Open Source Component Security

How Secure Are Your Open Source Components?

Mar 25, 2016 By Sarah Vonnegut | For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other projects in daily use.
  Yet, for all the positive open source components bring to the table, there is a dark side. For hackers, open source components are a goldmine. Unlike with custom applications developed in organizations, if a hacker finds just one critical vulnerability in the open source code, they can attack any of the hundreds of thousands of systems that use that component in their applications. Just last month, a buffer overflow vulnerability was discovered in the glibc library, allowing attackers to remotely execute malicious code.

</Read More>
Application Security Knowledge

10 Easy Ways to Increase Your Application Security Knowledge

Mar 18, 2016 By Sarah Vonnegut | If you’re new to the world of security, in whatever capacity, gaining a good understanding of AppSec can seem daunting and distant – but don’t fear. Becoming more application security aware doesn’t have to be hard or time-consuming. It can be as easy as taking a few minutes out of every day to advance your application security knowledge to a higher level – no matter where it stands today.

</Read More>
Blog Headers (2)

When Booking Your Flight Becomes Dangerous

Mar 07, 2016 By Sarah Vonnegut | Flying is a pain. Booking flights can be just as annoying. But, as one of Checkmarx’s own recently discovered, booking your flight can also be dangerous. David Sopas, a Portuguese security researcher at Checkmarx who hunts bug on the side, found a common, highly disruptive security vulnerability on one of the largest airlines in the world.

</Read More>
Application Security Vulnerabilties

Understanding Application Security Vulnerabilities: Part One

Mar 04, 2016 By Sarah Vonnegut | As hackers start attacking our applications more and more, it is imperative that organizations begin treating security testing with the same enthusiasm they give to quality testing. Just like if there are major functionality issues or a feature isn’t working the product doesn’t ship – the same attitude needs to go for deploying  with major application security vulnerabilities.   This requires a shift in the company culture that makes security seen as everyone’s responsibility – not just the security teams. One of the best ways to help facilitate that change is to spread security awareness among the different stakeholders, educating them in how to take responsibility for security in their jobs.   For CISOs, it may be discussions around the ROI of security testing; for non-technical employees that may include security awareness courses on how to avoid phishing campaigns. For developers, that education needs to be a bit more in depth – developers, after all, are the ones writing the code that needs to be better secured.  

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.