Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

2,000+ Websites Vulnerable With Ruby on Rails Flaw

Nov 28, 2013 By Sarah Vonnegut | A new exploit, discovered by a white-hat hacker, puts users of over 2,000 Websites in danger of attack. Older versions of Ruby on Rails, a popular open source Web app, employ a defective session management system that could affect the users on the thousands of sites that use it. G.S. McNamara, a security researcher based in D.C., first found the vulnerability issue back in September. The exploit is an Insufficient Session Expiration weakness, and McNamara says it’s fairly common. It’s especially dangerous for shared computers with lots of daily user turnover, such as in libraries or internet cafes.

Cybersecurity Checklist For Holiday Shopping & Travel

Nov 27, 2013 By Sarah Vonnegut | For many in the U.S., the Thanksgiving weekend officially begins at the end of today’s work day, and with it the holiday season. This year there will already be enough pains to deal with: congested roads, packed stores and airports, not to mention messy weather. One headache you can avoid is cybercrime, so take these fairly simple steps to keep yourself and your gadgets secure while traveling and shopping.

Reviewing Scan Results in Checkmarx CxSuite [Video]

Nov 22, 2013 By Sarah Vonnegut | In this SlideShare video, we demo the process of reviewing the source code analysis and the steps you need to take to repair the vulnerabilities. Explore how the CxSuite solution, using state-of-the-art code flow visualization, discovers vulnerable locations and shows the best points at which to fix the issue and mitigate further risk.

Related Resources:
A Picture Is Worth A Thousand LoC: Using Code Flow Visualization for Optimal Vulnerability Remediation
A Successful SAST Implementation [White Paper]

Obamacare Website Compromised; Security Issues Surface

Nov 21, 2013 By Sharon Solomon | The Obamacare website has now joined the ever-growing list of compromised portals. Reports of bad user experience and rumors of security breaches have been making the rounds for weeks, but the newly launched national healthcare website has now apparently fallen prey to a typical Cross-Site Scripting attack.

The Week in Application Security News: November 11-17, 2013

Nov 17, 2013 By Sarah Vonnegut | Been too busy changing all your overused passwords to read the security news this week? We’re here to catch you up on the past week’s news from an #AppSec point of view, from Loyaltybuild’s massive breach of trust as well as credit card details, to the Adobe exposure that keeps on giving, to remembering the last of the living Enigma code-breakers – it was quite a busy week in the world of security.

Monetary Authority of Singapore (MAS) Embraces SAST

Nov 15, 2013 By Sharon Solomon | Application security in Financial Information Systems (FIS) has become a must in today’s malicious cyberspace. Due to the wide range of solutions in the market, many software executives find it hard to pick the right defense strategy for their systems, which contain highly sensitive details and valuable information.

When It Comes To Battling Cybercrime, Better Safe Than Sorry

Nov 13, 2013 By Sarah Vonnegut | Globally, upper-level management in corporations big and small have a conundrum when deciding what to do about their information security strategy. It’s a hassle; it’s another expense; it’s unnecessary, they say. Do information security correctly, though, and you could save millions of dollars and headaches; when it comes to data breaches, it’s better safe than sorry.

Checkmarx and Specialist IT Consultancy Firm Ballintrae Team Up To Reduce Software Risks

Nov 13, 2013 By Sarah Vonnegut | The companies will jointly work on Application Security.
(CBR) – November 13, 2013 – IT consultants Ballintrae and Checkmarx, an application security testing company, have joined forces to reduce software risk. With risk high on the boardroom agenda, it is hoped that the partnership will help financial services organisations minimize software risk when developing and upgrading internal and client-facing applications.

Checkmarx Raises $8M In Latest Funding Round

Nov 11, 2013 By Sarah Vonnegut | Checkmarx started the week off with exciting news: After experiencing 2,200% growth over the past five years, Checkmarx closed an $8 million financing round on Monday.
From the Globes article: “According to IVC, Checkmarx previously raised $6.5 million. It was founded in 2006 by CTO Maty Siman at Ofer Hi-Tech’s Naiot Venture Accelerator. Emmanuel Benzaquen is the CEO.

Microsoft releases Security Advisory, Windows Users at Risk

Nov 08, 2013 By Sharon Solomon | In a sudden turn of events, Microsoft has released a Security Advisory regarding a vulnerability in some of its most common software versions. This security flaw can allow hackers to execute code remotely by gaining full access to users’ computers.
