Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Six Steps to Secure Software Development in the Agile Era

Apr 20, 2017 By Sarah Vonnegut | Written in 2001, the Agile Manifesto launched an evolution in software development that has unfolded over the past decade and a half. Moving from waterfall development to rapid development and into the Agile methodology, software companies around the world have adopted at least some of the Agile processes and practices. And for many organizations, the evolution has paid off – at least in some parts of the business.    

BSIMM in the Age of Agile

Apr 13, 2017 By Paul Curran | Since 2009, the Build Security in Maturity Model (BSIMM) has been helping organizations across a wide range of verticals build long-term plans for software security initiatives based on actual observed data from the field, provided by nearly 100 participating firms. In the most recent BSIMM report, released in late 2016, BSIMM co-author and inventor Gary McGraw highlights the challenge organizations face when it comes to correctly implementing security in agile development environments. For organizations adopting continuous integration/continuous deployment (CI/CD) and DevOps, security may be seen as an inhibitor, but it doesn’t need to be. Read on to find out why.

How You can be Coding Securely in Go

Apr 06, 2017 By Paul Curran | For the third year in a row, Go has made the top 5 most loved programming languages and ranks number three in terms of “most wanted” programming language in Stack Overflow’s 2017 developer survey. Additionally, Go developers are also among the top 5 highest paid, according to tens of thousands of respondents to the same survey. Adding secure coding knowledge to the ability to develop in Go can lead to an even larger annual salary, as security-aware developers tend to earn more. Read on to learn about the secure coding resource that Checkmarx built to help developers across all verticals code securely in Go.

March 2017: Top Hacks and Breaches [INFOGRAPHIC]

Apr 04, 2017 By Arden Rubens | The month of March in hacks and breaches began strong with the discovery of a database containing 1.4B records left exposed by one of the biggest senders of spam. A few days after, WikiLeaks released details on secret CIA hacking tools used to break into computers, mobile devices, and smart TVs. On the 13th of March, Statistics Canada was breached when hackers exploited a new software bug. The hackers managed to break into the national statistics bureau by exploiting a security bug in Apache Struts 2, software commonly used in governmental, financial, and retailer websites.

7 Ways to Win Over Your CISO

Mar 22, 2017 By Sarah Vonnegut | Security maturity, as cliché as it sounds, is a journey – not a destination. Security is never “done”; there is always more to be done, new technologies or processes to secure, evolving business objectives with which to align. The great part about being on the security team is that you don’t have to be the CISO, or Chief Information Security Officer, to make some real changes. If you’re a dedicated security professional, you can absolutely help guide how security is implemented in your organization, as well as how security is perceived. These activities are good not only for the company as a whole and for the security team; your good work is often reflected back on you personally, and can help you in your professional journey.

The History of Application Security Testing – Part 2

Mar 16, 2017 By Sarah Vonnegut | Last week, we discussed the early history of computer security, tracing back to World War II and the “bombe”. This week, we’re looking back to the origins of the internet and how application security testing became an invaluable part of enterprise security. Here we go!
Read Part 1 of The History of Application Security Testing here.

Bamboo vs Jenkins

Mar 12, 2017 By Paul Curran | The adoption of DevOps increased from 66 percent in 2015 to 74 percent in 2016, and the trend shows no sign of slowing down in 2017. As more enterprises expand their teams working on continuous integration (CI), deployment, and delivery, there is an increasing demand to find the best solution to fit their deployment needs. Read on to understand the benefits of Bamboo and Jenkins, two of the leading platforms for CI deployment and delivery, as well as the options available for implementing security through static code analysis in both of these solutions.

What You Need to Know: Julian Assange & WikiLeaks [INFOGRAPHIC]

Mar 09, 2017 By Paul Curran | Julian Assange is an Australian activist, computer programmer, and hacker who, in December 2006, founded WikiLeaks. His goal was to provide a platform where classified and sensitive documents can be posted anonymously. Since its start, WikiLeaks has drawn a lot of attention following major information exposed on the site; however, the first major leak resulting in legal charges (against WikiLeaks) was the exposure of Swiss Bank and Julius Baer for involvement in money laundering.

February 2017: Top Hacks and Breaches [INFOGRAPHIC]

Mar 05, 2017 By Arden Rubens | February may be the shortest month, but there definitely was no shortage of hacks and breaches. The month started with an anonymous hacker single-handedly taking down an entire dark web hosting service with more than 10K Tor-based .onion sites. Then, on February 10th, a security flaw found in WordPress allowed hackers to attack and deface an estimated 1.5M pages. Later in February, hackers (masked as “Pro_Mast3r”) defaced one of the Trump Administration’s official fundraising websites in a subdomain takeover. On February 28th, data from connected CloudPets teddy bears was leaked after the database was found unsecured. Over 800K users were found in the database, which also contained recorded kids’ voice messages.