This article is the first in a series of interviews with CISOs in various industries. Our goal is to share our conversations with different Chief Information Security Officers about how they deal with daily tasks as well as the bigger picture of innovating security practices around business operations. Gary Hayslip is currently the Deputy
This post was originally published on the AppSec-Labs blog. As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate
Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known
It’s the never-ending dilemma; the ‘Coke or Pepsi’ debate of the software and security world, and there’s still no definitive answer. As the application security market grows, so too does the variety of tools available to organizations seeking to secure their applications. And with both open source and commercial tools popping up and solid options
Organizations today are aware of security risks they can be exposed to as a result of bad or wrong code practice. However, while awareness is the first step, being able to act is a whole other ballgame. After witnessing more and more companies being hit by attacks based on well-known vulnerabilities, we sought to understand what’s holding organizations
After using Objective-C for decades, Apple is swaying towards its newer and safer Swift programming language. The latter is compatible with Apple’s Cocoa/Cocoa Touch frameworks and works with almost all of the Objective-C code written for Apple computing and mobile devices. This shift has not been smooth and Swift development still has some security issues.
Application security has become a huge challenge for IT companies worldwide. More and more exploits, causing widespread financial and technical damage, are being reported on almost a daily basis. While primarily taking these security issues head-on, Checkmarx is also providing an interactive solution to promote secure coding standards within organizations.
PayPal has revolutionized the e-commerce market in recent years with its convenient characteristics that bolster user privacy. Gone are the days when online shopping required cumbersome bank transfers or complex credit card verifications. Unfortunately there is still work to be done on the security front after Egyptian researcher Yasser Ali shocked the world with his PayPal bug
The impact of the Drupal fiasco is still being felt across all industry sectors. The world’s third biggest CMS platform was compromised with arguably the oldest hacking technique in existence – the SQL injection (SQLi). While the Drupal 7.32 update has resolved this specific problem, SQL injections won’t really go away until they are treated from the
Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code. With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as