Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Timeline: HBO’s Month of Hacks [INFOGRAPHIC]

Aug 21, 2017 By Arden Rubens | For the web is dark and filled with hackers…   Winter came for HBO at the start of August, as they were hit with hacks and data leaks (and a couple of their own mistakes). And as August progresses, we feel it’s safe to say that August marks the Long Night for the cable network, as every few days a new leak or development in the story makes headlines.  

An In Depth Look: Top PHP Frameworks

Aug 10, 2017 By Arden Rubens | PHP is an open source scripting language designed for web development. When the language was first released in 1994, PHP stood for Personal Home Page. Today, PHP is referred to as a backronym – PHP, Hypertext Preprocessor. PHP is a dynamic language allowing developers to run their code instantly, without having to compile it first. What sets PHP apart from client-side languages is that the code is executed on the server, which generates HTML before it’s sent to the client.

Are You Being Watched Through Your Connected Cameras?

Aug 02, 2017 By Arden Rubens | In October 2016, a massive distributed denial-of-service (DDoS) attack left millions of people around the world without major websites – including Twitter, Reddit, and Amazon – by taking them off the grid. This was directly caused by attackers guessing easy or default passwords on wireless IP cameras, which were infected with malware and then used to create a botnet. This incident is not only considered one of the biggest cyberattacks ever, but also one of the more recent hacks and breaches revolving around webcams and wireless IP cameras.

July 2017: Top Hacks and Breaches [INFOGRAPHIC]

Jul 31, 2017 By Arden Rubens | With July being the official halfway mark in the year, it’s safe to say that 2017 is giving us both the expected and the unexpected hacks and breaches, hitting every industry and affecting just about every country in our world. And this is coming at a pretty high cost. According to a report released by Lloyd’s of London, a major global cyber attack can trigger about $53 billion of financial losses, a number equivalent to the financial loss of a catastrophic natural disaster.

The ABCs of AppSec Testing: IAST & DAST

Jul 24, 2017 By Arden Rubens | As applications are being hit harder than ever with increasingly sophisticated cyberattacks, organizations are turning to application security testing solutions to keep their applications safe. And as organizations take a peek into the AppSec testing market, they are sure to see many different options. In this blog post we will take a look at two solutions: IAST and DAST.  

An Introduction to IAST

Jul 13, 2017 By Arden Rubens | As organizations modernize and innovate their technologies and flows, traditional Dynamic Application Security Testing (DAST) is being considered a big setback for one big reason: time. With DAST, scanning for vulnerabilities takes time, special skills and maintenance. Therefore, with the rapid pace of CI/CD, it’s becoming more of a challenge to implement DAST. While automation and fast turnarounds are mandatory for a successful application security program in modern development environments, DAST cannot align with these requirements.  

AppSec Metrics That Matter

Jul 11, 2017 By Sarah Vonnegut | Metrics matter. Metrics are important because they tell you, stakeholders and budget planners how well you’re meeting your set goals. Metrics ensure that your program has visibility and are the only way to effectively communicate the value of your application security program. If you simply go through the AppSec motions of scanning and fixing, you have no insight into how effective your application security program is or if you’re hitting either your security goals or business goals.

Australia’s Mandatory Breach Notification Bill – 3 Ways to Prepare Your Organization

Jul 03, 2017 By Sarah Vonnegut | Governments are increasingly taking control of cybersecurity issues for the citizens and organizations they serve. Just last year, Europe passed the General Data Protection Regulation, or GDPR, which requires businesses that handle European citizens’ data to notify customers if they experience a data breach, as well as report it to the regulatory body. In the US, 47 out of 50 states have established state legislation touching on data breach notification requirements, and Canada requires hacked organizations to notify both customers and the Privacy Commissioner.

June 2017: Top Hacks and Breaches [INFOGRAPHIC]

Jun 30, 2017 By Arden Rubens | As we dive into June’s biggest hacks and breaches, we begin with OneLogin – a company which allows users to access multiple websites, applications, and services with just a single password. An attacker got hold of highly sensitive keys for OneLogin’s cloud instance, and succeeded in using its front-door key. In a statement released by the company, it was said that the attacker may have “obtained the ability to decrypt some information”.

An A to Z Guide to Continuous Integration

Jun 25, 2017 By Sarah Vonnegut | The race to improve software quality and innovation has been around since the 1970s. Many processes and workflows have been created to help address the historical issues that prevent teams from developing high-quality applications quickly and reliably, yet enterprises continue their struggle to keep up.  