Application Security Trends

Traditional security is well past its expiration date.
Learn about the latest trends in AppSec in these posts,
from DevOps to SAST and everything in between.

Power to the Players: 3 Tips for Gamifying Your Cybersecurity Training

It’s no hidden secret that an increased level of training and education is both one of the biggest needs and shortcomings in the cybersecurity industry. Organizations are falling victim to cyberattacks more frequently than ever before and the ramifications are only getting worse. According to IBM Security’s and Ponemon Institute’s 2019 Cost of a Data

The Open Source Cookbook: Prepping Your Kitchen

Over the course of this adventure into the culinary world of software development, we have drawn comparisons between open source software and cookie recipes, and equated open source risks to spoiled ingredients. When cooking, it’s imperative that we prep our kitchen properly, stocking the tools and equipment, getting our timing and steps in order, soliciting

Kotlin Guide: Why We Need Mobile Application Secure Coding Practices

October is the annual National Cybersecurity Awareness Month (NCSAM), which is promoted by the U.S. Department of Homeland Security and the National Initiative for Cybersecurity Careers and Studies (NICCS). According to the NICCS, “Held every October, NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to

Becoming Optimus Prime Within Your AppSec Initiatives

When I was a child, I didn’t dream of becoming a legendary football player or a rock star. My dream was to become a Transformer: specifically Optimus Prime. I am sure some of you in the audience shared the same dream. As you can probably guess, unfortunately, this dream did not come true. But what

The Open Source Cookbook: Understanding Your Software Ingredients

As I introduced in my last article, where we explored the variance among open source components, distros, and forks, open source software and modern application development can be equated to baking. This analogy allows us to explore potentially complex topics through the more familiar lens of one’s unique take on popular recipes. This time, I’d

Why you need to be thinking about API Security

As cyber attackers continue to take advantage of vulnerable people, processes, and technology, they are now expanding their operations beyond “traditional” targets. It seems that nothing is outside of their jurisdiction and no one is 100 percent safe from their malicious campaigns. Although organizations are making strides in the right direction to protect themselves, as

AppSec Training – Necessary, but not sufficient

It’s no secret that the earlier you discover security bugs in the software development life cycle (SDLC), the more time, money, and resources you will save. While making use of “reactive” security testing tools such as SAST and IAST is necessary to prevent vulnerabilities from entering production, a proactive approach that eliminates the introduction of

Why Software Security and DevOps Were the Talk of the Town at Black Hat and DEF CON 2019

In the wake of Black Hat 2019 and DEF CON 27, there is no doubt that the cybersecurity industry is growing beyond anyone’s expectations. The sheer number of sponsors and attendees who descended upon Las Vegas last week from all parts of the world ranged in the tens of thousands, with this number continuing to

Training Exposure: Addressing Secure Coding Education in Your Software Security Program

According to the Verizon 2019 Data Breach Investigation Report, 69 percent of the data breaches investigated by Verizon were perpetrated by outsiders, 63 percent were the result of attackers targeting server assets, and nearly 70 percent of breach incidents were caused by attackers targeting vulnerable web applications. Undoubtedly, there is a substantial connection between vulnerable

Adoption Exposure: Your Software Security Needs Integration and Automation

There are many software security solutions available today designed to provide insight into important security issues found during software development. As organizations begin moving forward with DevOps initiatives, are their current Application Security Testing (AST) solutions doing the work they need them to accomplish? If you haven’t integrated AST automatically into your vulnerability detection, triage,
