Posts by Sharon Solomon:


PCI DSS Compliance Made Easy Using Source Code Analysis

May 05, 2015 By Sharon Solomon | The e-commerce and retail fields have undergone mammoth changes over the last decade. Paying in hard cash has almost become a thing of the past. Credit and debit cards are now being used to conduct millions of transactions and e-shopping purchases on a daily basis worldwide. But this new reality has also introduced numerous security perils.  



Apr 29, 2015 By Sharon Solomon | Application security used to be an afterthought until a few years ago, but the exponential rise in cybercrime and malicious activity has made organizations pay more attention to this crucial aspect. This realization has also brought up a widespread discussion about the pros and cons of the various AppSec solutions that are on offer in the market. While Penetration (Pen) Testing, Interactive Application Security Testing (IAST) and Web Application Firewalls (WAF) are widely recognized security methodologies, they are typically used as processes to complement the two most popular solutions in use today – Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).


All You Wanted To Know About Continuous Integration Security

Apr 07, 2015 By Sharon Solomon | Continuous Integration (CI) is an application development practice that’s becoming more and more popular in large software development organizations. While it boosts productivity and code integrity, it introduces new technical challenges in the security process, magnifying the importance of selecting the right solution for the task.

Ali Express

The AliExpress XSS Hacking Explained

Mar 24, 2015 By Sharon Solomon | This post was originally published on the AppSec-Labs blog. As you may have heard, it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate on it in the following post. A few months ago, I purchased some items from AliExpress. After the purchase, I sent a message to the seller in order to ask him a question regarding the items. From my experience as an application security expert at AppSec Labs, I had suspected that it might be vulnerable to a certain security breach, and so I started to investigate the issue locally without harming the system or its users.

AppSec 101

AppSec 101: The Secure Software Development Life Cycle

Mar 19, 2015 By Sharon Solomon | Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known as sSDLC).  

Open Source

3 Things to Know About Managing Open Source Components in Your App

Mar 05, 2015 By Sharon Solomon | Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and make better products.
You most likely have your proprietary software thoroughly tested, QAed and reviewed via static code analysis on a regular basis. But what about the open source components?  Open source components may have a direct impact on the quality of your software or service.


Safer Swift Development With Checkmarx’s New API

Feb 23, 2015 By Sharon Solomon | After using Objective-C for decades, Apple is swaying towards its newer and safer Swift programming language. The latter is compatible with Apple’s Cocoa/Cocoa Touch frameworks and works with almost all of the Objective-C code written for Apple computing and mobile devices. This shift has not been smooth and Swift development still has some security issues.

Game of Hacks

Game of Hacks: Promoting Secure Coding Practices

Jan 20, 2015 By Sharon Solomon | Application security has become a huge challenge for IT companies worldwide. More and more exploits, causing widespread financial and technical damage, are being reported on almost a daily basis. While primarily taking these security issues head-on, Checkmarx is also providing an interactive solution to promote secure coding standards within organizations.  


15 AppSec Tips From the Top Ethical Hackers of 2014

Dec 31, 2014 By Sharon Solomon | 2014 will go down as the year of the mega-attacks. It all started off during last year’s holiday season with the Target hackings that affected over 100 million customers. Soon the Heartbleed and Shellshock vulnerabilities were exposed, causing havoc all across the planet. The hackings kept on coming in the latter stages of the year – the Snapchat fiasco, iCloud photo leaks and North Korean-orchestrated Sony Pictures hacking, just to name a few.

