Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

The Future of Cyber Security – Part 1: IOT Security

Aug 25, 2016 By Paul Curran | “One of the unique aspects of IoT (Internet of Things) is that it’s bringing cybersecurity into the physical realm.” Intel Security Group Senior VP Chris Young. For those that didn’t live through the fear mongering surrounding the anticipated disasters stemming from Y2K, cyber security hasn’t been something that has made a major impact on the average person’s life.


Major Hacks and Breaches for July 2016 [INFOGRAPHIC]

Aug 16, 2016 By Paul Curran | Summer 2016 continues to heat up with hacks, breaches and discoveries of major vulnerabilities. From automotive to the Internet of Things (IoT) and from Vietnamese airports to Taiwanese ATMs, July was a big month for cyber security news. Both Fiat Chrysler and BMW feature in this month’s infographic, although for different reasons: Fiat Chrysler took the preventative step of launching a bug bounty program for its website and mobile applications, while two serious vulnerabilities were discovered in BMW’s web portal.


The Biggest Breaches and Hacks of June 2016 Infographic

Jul 07, 2016 By Paul Curran | Each month, we hear about a whole new cascade of security breaches that each bring to mind the saying that the definition of insanity is doing the same thing over and over and expecting different results. June was no different. Starting the month off was a massive MySpace hack that could end up being the biggest breach of all time, with over 360 million usernames and passwords stolen. Mid-month we learned of a possible Wendy’s POS breach and of a rogue T-Mobile employee trying to pilfer customer data on the dark web. And just last week, the Quora account of Google CEO Sundar Pichai was hacked.


4 Keys To Integrating Security into DevOps

Jul 01, 2016 By Sarah Vonnegut | Faster, predictable releases, lower development costs, and a market constantly demanding new features and products have made the ecosystem ripe for the emergence of a new way of developing software. The development world responded to those demands, bringing the DevOps movement from unknown into the mainstream. Multiple releases a day would have been unheard of 10 to 15 years ago. Today it’s the norm.


What Type of Hacker Are You?

May 10, 2016 By Sarah Vonnegut | While movies and TV shows have turned the term ‘hacker’ into variations of awful stereotypes, all sorts of hackers, good and bad, exist in the world. Maybe you’re one of them – or perhaps you wish you were. Want to know what type of hacker you’d be if you were? Take the quiz and find out!


OpenSSL Vulnerabilities: Takeaways from the Latest Patch

May 06, 2016 By Sarah Vonnegut | The OpenSSL project this week released a series of patches to combat six recently discovered vulnerabilities, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was inadvertently introduced as part of the fix for the Lucky 13 flaw that was discovered in 2013.


Cyber Terrorism – How Real is the Threat?

May 04, 2016 By Paul Curran | As our dependency on the internet increases from our phones to our streets, hospitals and cities, so do the threats posed by cyber terrorism. “Cyber terrorism” is a contested term that can erroneously include acts of “hacktivism” and internet vandalism which do not directly threaten the lives and livelihoods of their victims. The potential threats posed by cyber terrorism are daunting, but are they really within the reach of cyber terrorists?


Need-to-Know AppSec News Stories, April 2016

Apr 21, 2016 By Sarah Vonnegut | We’re starting something new today: An AppSec news story roundup that you can either read or watch via our Whiteboard Roundup below! We look forward to helping our readers stay up-to-date with all they need to know about AppSec – so please let us know what you think below and if we’ve missed any good security stories. 


Who Needs Software Security, Anyway?

Apr 12, 2016 By Andrei Cheremskoy | In recent years, the advent of the mobile and cloud computing revolution has brought to light a serious issue affecting both organizations and individuals: software security. Every day, we hear a new story about some website or application being penetrated, releasing sensitive information that is sold, abused, and exploited. As a consequence, companies lose their credibility (along with hefty financial losses) and customers lose their trust in companies’ ability to secure their personal information.


Panama Papers: The CMS Connection?

Apr 11, 2016 By Paul Curran | In early April 2016, reports emerged detailing history’s largest data leak, the Panama Papers. This incredible leak of sensitive data concerning both Mossack Fonseca and their clients contained 2.6 TB of data, which included 11.5 million documents relating to over 200,000 companies and exposed the hidden fortunes of politicians, dictators and the super-rich. To put the size and significance of this leak in perspective, the WikiLeaks leak from 2010 contained a mere 1.7 GB of data.

