Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Buffer Overflow: The Mother of All Vulnerabilities

Dec 28, 2015 By Sharon Solomon | The Buffer Overflow vulnerability has been around for almost 3 decades and it’s still going strong. Hackers all around the world continue to name it as their default tactic due to the huge number of susceptible web applications. But what steps are organizations and their developers taking to combat this vulnerability? What role does secure coding play in eliminating this threat? This article also includes an ethical hacker’s Buffer Overflow POC along with a brief Q&A.


Why DevOps Is Actually Good for Your Security Program

Dec 18, 2015 By Sarah Vonnegut | With organizational culture – and along with it processes and technology – evolving at a pace we’ve never experienced before, we can’t sit back and wait for the “DevOps fad” to fade away. It’s not a fad, it’s an evolved way of software development. And security cannot be the elephant in the room, the team everyone avoids because it just gets too complicated. Security must evolve, as well. We must become SecDevOps. Many organizations are now routinely pushing out tens if not hundreds of releases and updates on a daily basis. If there’s ever been a wake-up call for the security industry to change their outdated ways – DevOps is it.


Internet of Things (IoT): Hack My Hospital

Dec 16, 2015 By Sharon Solomon | Hospitals and medical clinics were once places where patients were sheltered from the outer world and had the privacy they required for recovering safely. But with the Internet of Things (IoT) revolution in full swing and online health monitoring devices in abundance, the risks involving data leakage and privacy violation are rising exponentially. How safe is today’s healthcare ecosystem? Not very, as the following article will show.


What you need to know – Anonymous strikes the European Space Agency

Dec 14, 2015 By Amit Ashbel | Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers, fax numbers and, in many of the cases, clear-text passwords have also been exposed. Overall, more than 8,000 subscribers’ data has been exposed.


Web Application Firewalls (WAFs): Ethical Hacker Exposes His Secrets

Nov 18, 2015 By Sharon Solomon | In an age where cybercrime is escalating exponentially, picking the right security solution has become extremely crucial. Web Application Firewalls (WAFs) are highly regarded by many leading InfoSec experts, but Pakistani ethical hacker and AppSec expert Rafay Baloch thinks otherwise. To make matters more interesting, he also has the required expertise and POCs to back up his claims.


Internet of Things (IoT) – Hack My Home

Nov 02, 2015 By Sharon Solomon | Once a luxury reserved exclusively for the uber-technical or super-rich, the Internet of Things (IoT) phenomenon is invading our private dwellings at an astonishing pace. This revolution has basically connected all commonly used home appliances to the internet. Tech giants worldwide are investing a lot of resources in creating their own Internet of Things (IoT) eco-systems. Unfortunately, a lot of this is happening in an unprotected manner, putting millions of people and homes at risk.


All You Wanted To Know About Web Browser Security

Oct 21, 2015 By Sharon Solomon | The web browser has come a long way since its invention in late 1990. Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Explorer/Edge have now taken the world by storm with their evolving user-friendly features. They have boosted productivity significantly thanks to their seamless integration with leading third-party applications and plug-ins. Unfortunately, web browser security is an aspect that is overlooked more often than not.


Celebrating National Cyber Security Awareness Month

Oct 12, 2015 By Sarah Vonnegut | If you’re in need of a great excuse to strengthen – or start – an application security awareness program for your developers, this month is it. October, as you may already know, is National Cyber Security Awareness Month (NCSAM), and hundreds of security-focused organizations, including us, have come together in support of a more secure future for all. Checkmarx is excited to have partnered up with the National Cyber Security Alliance (NCSA) and the Department of Homeland Security in promoting security awareness, and this year our aim is to raise awareness for application developers. As part of our participation in this year’s Cyber Security Awareness initiative, we’ve launched a site, SecureDevKit.com, dedicated – in October and throughout the year – to teaching developers how to write better, more secure code.


Top 5 Secure Android Development Tips

Sep 01, 2015 By Sharon Solomon | Over 50% of US smartphone users are now actively using Android devices and the security aspect of Google’s mobile platform is under constant scrutiny. With new vulnerabilities and hacking POCs making the news on almost a daily basis, safety concerns are rising. So what lies ahead for this customizable and user-friendly, albeit vulnerable, mobile operating system? How can secure Android development minimize the risks? Let’s find out.
