Posts by Sarah Vonnegut:

Application Security Resources

21 Application Security Resources No Developer Should Be Without

Dec 11, 2015 By Sarah Vonnegut | The truth of the matter is, you have no idea what will happen to your code once your application is released. Your code may be used again down the line, it may be altered – and it will most certainly be used in ways you never imagined. Can you start to see why security does actually play an important role in organizations which develop applications?   Luckily, if you’re in a position where you interact with code, you have a direct way to help better secure our applications and devices. And with that power comes responsibility – the responsibility of playing your part in helping secure the world’s software.   To help get those working with code a boost in your security education, we’ve curated a collection of application security resources to assist any developer, wherever you are on your journey into the arduous (yet rewarding) world of application security. Because when it comes to Application Security, your education is never complete.

</Read More>
Mobile Payment App Security

New To Mobile Payment Security? Here’s What You Need To Know

Dec 04, 2015 By Sarah Vonnegut | The demand for paying with mobile devices may have gotten off to a slow start, especially in the United States, but the next few years will see the mobile payment landscape explode – IDC estimates that by 2020 the global mobile payment market will be worth nearly $4 trillion.   From paying bills and transferring money to friends and family, paying for coffee before we enter Starbucks, to ordering clothes, food, cabs, and other services – all done through our mobile devices – the landscape for mobile payments has dramatically increased – and security has been left in the dust.

</Read More>
Blog Headers (1)

DevSecOps: 4 Best Practices the Pros Teach Us About Security and DevOps

Nov 13, 2015 By Sarah Vonnegut | Developers and engineers all around the world are deploying code hundreds of thousands of times a day. Hundreds of millions of lines of code are churned out on a monthly basis, and it’s only going to get faster. Yet the security industry continues to kick our feet about DevOps.   But security teams can’t afford to continue the tip-toeing act we’ve been doing around DevOps. We need to find a way to better integrate our security needs within DevOps processes – and we need to do it fast.  DevOps is here, and it’s up to the security team to determine how security processes and tools will fit into the mix – or risk being edged out.  

</Read More>
Blog Headers

13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Nov 06, 2015 By Sarah Vonnegut | Read the first post, 15 Vulnerable Sites to (Legally) Practice Your Hacking Skills here.   There’s a well-known saying that before you judge someone you should always “walk a mile in the other person’s shoes.”  You can’t get the full picture behind a person without first living like they do and understanding what goes on in their heads.     In organizations around the world, there’s a big push to be more “security aware,” and it’s an important part of our jobs. We’re defenders, and we have a big job to do in making sure our applications and systems are secure from any threat that might come at us. But there’s another side to being good at defending your applications and systems. Those dealing with security also need to “walk a mile in the other persons shoes” – but in our case, it’s about understanding the attackers side not so we can empathize, but so we can minimize the risks posed by and to our applications.   

</Read More>
Securing PhoneGap Apps

The Worst PhoneGap Security Issues And How To Avoid Them

Oct 23, 2015 By Sarah Vonnegut |   Mobile devices have exploded in our modern world. And with the explosion have come implications. Business can be conducted anywhere now, and high-value documents and data can easily be read and shared on the go. While this may be great for productivity levels and greater flexibility, security risks only seem to increase as more cell phones and tablets hit the marketplace.   The customers who use our mobile apps aren’t necessarily thinking about security as they use their phones to do any number of things – and it’s on us if our applications are hit by hackers. Each mobile operating system (OS) comes with its own security risks, and developing secure applications for different platforms, written (and secured) in the appropriate language for the platform, can get tricky.

</Read More>
Celebrating National Cyber Security Awareness Month

Celebrating National Cyber Security Awareness Month

Oct 12, 2015 By Sarah Vonnegut | If you’re in need of a great excuse to strengthen – or start – an application security awareness program for your developers, this month is it. October, as you may already know, is National Cyber Security Awareness Month (NCSAM), and hundreds of security-focused organizations, including us, have come together in support of a more secure future for all.   Checkmarx is excited to have partnered up with the National Cyber Security Alliance (NCSA) and the Department of Homeland Security in promoting security awareness, and this year our aim is to raise awareness for application developers. As part of our participation in this year’s Cyber Security Awareness initiative, we’ve launched a site, SecureDevKit.com, dedicated – in October and throughout the year – to teaching developers how to write better, more secure code.  

</Read More>
Application Security Testing-

Application Security Testing: 7 Steps to a Recipe for Success

Sep 10, 2015 By Sarah Vonnegut | Security tools are becoming more and more popular throughout the world of tech, and for security enthusiasts, and it should be something to celebrate about. But, in reality, we still have a long way to go when it comes to the actual use of the tools.
We’ve known for years about the major gap between security and development, and we’re getting better. But while the proliferation of the DevOps movement has made organizations realize that security is essential to agile processes, we’re still missing a piece of the puzzle. Because while the purchase of security solutions might be increasing, developer use isn’t quite on par.

</Read More>
Best Practices for Mobile App Security

Mobile Application Security: 15 Best Practices for App Developers

Aug 19, 2015 By Sarah Vonnegut | In 2015, the mobile app is king. The applications we download on our mobile devices entertain us, keep us in touch with our loved ones, show us who’s single nearby, share anything we want about our lives with the world – and so much more. And thousands of new applications are added to the marketplace. Every single day.   There’s a 1991 ad from Radio Shack depicting “great prices” for all the things we now use our cell phones for. ‘High-tech’ devices like s VHS camcorder, a discman, a tape recorder are proudly displayed – all technologies made pretty much obsolete with a variety of handy applications on our much more compact and relatively cheap mobiles.  

</Read More>
some

Beyond XSS and CSRF: Same Origin Method Execution

Aug 12, 2015 By Sarah Vonnegut | Unless you were living under a rock last fall, you heard about the major iCloud hack that saw nude pictures of A-list celebrities posted all over the web. The fact that someone could hack into private clouds and steal the sensitive data contained within alarmed web users around the world.   That wasn’t the only exploit of its kind. If someone malicious had discovered another, similar exploit on Google+, there could have been a similar batch of stolen photos.   Luckily, the hacker that found them is a white-hat and plays for the good side. Ben Hayak plays for the good side, and our private Google Plus photos have been saved from prying hands.   Ben, a senior security engineer at Salesforce, recently discovered a method of attack that would pose major threats to users and sites with successful attacks.  

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.