Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Automated CloudSpokes Code Testing & Analysis with Thurgood

Apr 25, 2013 By carolineb | We’d like to introduce you to Thurgood, CloudSpokes’ new tool providing a quality and security analysis of submitted challenge code.
Thurgood provides you with information so you can determine if you want to tweak your submission based upon security reviews, add additional test coverage or resubmit if you’ve forgotten files that caused your build to fail.


Anonymous attacks in Israel, April 2013 on “Israel Today” news

Apr 07, 2013 By carolineb | Following Anonymous cyber attacks in Israel on April 7th, 2013, we are providing free source code scans in order to assist local companies to secure their software.
We were proud to see our names in the “Israel Today” newspaper.


The Binary Shake- directly from Harlem

Mar 12, 2013 By carolineb | There are 10 types of people in the world, those who understand binary and those who dance it.


Mobile app security testing- are you checking for all the flaws?

Mar 11, 2013 By carolineb | By Kevin Beaver

I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite). If you’re a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together getting in the app stores. I’ve used CxDeveloper to find flaws in iOS and Android-based apps that may not be discovered via traditional testing such as:

Code injection
Session fixation
Path traversal
Weak passwords
Hard-coded cryptographic keys

…all things that I’m not smart enough to find on my own. Nor do I have the time. For a few years now, I’ve dealt with the folks at Checkmarx and everyone from their CTO to their Director of Marketing – and a few others in between – has been super nice and responsive to my sometimes ridiculous requests.


Hacking is more common than people think

Mar 06, 2013 By carolineb | Source: onlinecollegecourses


Your Source for RSA2013 live updates!

Feb 21, 2013 By carolineb | Optimize your RSA2013 experience and get live updates from Vendors, Speakers and Press at


Valentine’s Day Hilarious Pickup Lines for Geeks

Feb 14, 2013 By carolineb | We couldn’t ignore these hilarious, geeky pickup lines we saw on
Happy Valentine’s day, Enjoy!


Security Corporations are going Bug-hunting

Feb 12, 2013 By carolineb | An article published by John Leyden reports that MITRE Corp, the organization that sets the industry standards for classifying security vulnerabilities, is going one step further in security. The corporation is now considering expanding the Common Vulnerabilities and Exposures (CVE) numbering range in order to enhance the quality of bug reports. Currently supporting up to 9,999 vulnerabilities, MITRE will be multiplying this number by one hundred, extending the range up to 999,999!


What’s HOT in Application Security Vol #40

Jan 14, 2013 By asaphs | Shape Security: Getting Down to the Root of Hacking
When treating an illness, it is generally more effective to treat the source of the problem rather than the symptoms. Shape Security is trying to do the same in the field of website security. While all other products are geared towards a faster, cheaper, and better way of preventing and stopping attackers, Sumit Agarwal, co-founder and vice president of Shape, claims that they are “striking at the core mechanics of how those things work and making them harder to do in the future” by focusing on cutting-edge attackers and the crimeware ecosystem. Basically, it won’t be “offensive security” but defensive security, making it harder and more costly to do any damage.
