Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.
How a Local File Inclusion Vulnerability led to the AdultFriendFinder Hack

Nov 21, 2016 By Paul Curran | For millions of users, and former users, of websites on the Friend Finder Network, the service built to bring them closer to their fantasies is turning into a nightmare. In what Wired is calling a “privacy catastrophe,” over 400 million accounts, including deleted accounts, were breached on one of the world’s largest adult dating websites as the result of a Local File Inclusion vulnerability. AdultFriendFinder.com was acquired by Penthouse in 2007, which subsequently changed its name to Friend Finder Network. Under the Friend Finder Network exist numerous adult websites, of which AdultFriendFinder.com is the largest. Combined, these websites contain over 412 million past and present users, all affected by the latest hack. Besides AdultFriendFinder.com, the Friend Finder Network includes numerous adult-oriented “hookup” websites which include

Information Security Jobs, Salaries and Opportunities for Developers Willing to Upgrade

Nov 03, 2016 By Paul Curran | Developers who choose to augment their coding knowledge with secure development skills will find themselves in the most in-demand career field, as the massive growth in cyber attacks continues to force organizations, and governments, to strengthen their cyber war chests with more advanced tools, increased budgets and larger teams. Read on to learn about the information security jobs, salaries and opportunities for developers willing to upgrade their skills.

Secure Software Development Tips – Interview with Josh Feinblum

Oct 25, 2016 By Paul Curran | The fourth, and final, interview in our 2016 National Cyber Security Awareness Month series is with Josh Feinblum, the VP of Information Security at Rapid7. In this series, we have gotten tips for accelerating application security with Dan Cornell of the Denim Group, received insights about managing open source security with Rami Sass of WhiteSource and learned about the importance of security awareness training with Checkmarx’s own founder and CTO Maty Siman.

7 Secure Cyber Security Interview Questions (and Answers)

Oct 19, 2016 By Kevin Beaver | The dreaded job interview. From small talk to tough questions – it’s the true testing time for the interviewee. But if you’re the interviewer, control – and advantage – is on your side. When interviewing candidates for job positions that involve secure coding, i.e. development, QA, or related information security roles, what should you ask? Do you stick it to them with super-technical questions and allow them to show off their technical prowess or do you throw them some seemingly softball-type questions that, in the end, better showcase how they think, their personalities, and business skills? Read these 7 secure coding job interview questions below to find out. 

The Importance of Application Security Awareness Training – Interview with Maty Siman

Oct 18, 2016 By Paul Curran | The third in our series of 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Maty Siman, founder and CTO here at Checkmarx. Maty is passionate about secure programming and moving secure development education and awareness away from the “back seat” that security has traditionally taken for programmers. Read Maty’s advice for organizations that want to scale their security in 2017, as well as his recommendation for application security awareness training, in the interview below.

7 Point Plan for Sustainable Secure Coding Practices

Oct 13, 2016 By Paul Curran | Gartner estimates that through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Month after month, major organizations face major hacks and breaches which often involve security vulnerabilities that are well known to security professionals. From SQL injections to weak encryption, the astronomical costs associated with exploits which can, and should, be remediated prior to production should make organizations constantly reconsider, revisit and revise their software development lifecycle and strive towards creating a secure software development lifecycle (sSDLC). Read these tips for sustainable and secure coding practices and be sure to add your own in the comment section below!

Managing Open Source Security – Interview with Rami Sass

Oct 10, 2016 By Paul Curran | The second in our series of 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Rami Sass, co-founder and CEO at WhiteSource, the solution that helps engineering executives all over the world effortlessly manage the use of open source components in their software.

AppSec 2016 Playbook: A Beginner’s Guide to Secure Development

Oct 05, 2016 By Paul Curran | As a part of our ongoing initiative to help “Developers Vote Security” for 2016’s National Cyber Security Awareness Month, Checkmarx has published our Application Security Guide for Beginners as a detailed and concise resource that covers the key concepts and top keywords in the field of application security. From what is needed to create a secure software development lifecycle (SDLC) to the top threats facing applications and their consequences, this quick playbook covers it all when it comes to secure coding practices. This guide to secure development is divided into four categories: Code Development Methodologies, Code, Application Security Solutions, and Common Threats and Their Impacts.

2016 Cybersecurity Awareness Month: How to Accelerate Application Security – Interview with Dan Cornell

Sep 29, 2016 By Paul Curran | This October 2016, Checkmarx is celebrating National Cybersecurity Awareness Month (NCSAM) with content focused on educating and empowering developers about secure coding practices under the slogan “Developers Vote Security.” As more and more organizations across all verticals speed up their development and adopt DevOps, the responsibility of security is increasingly falling into the hands of the developers during the development stages of the SDLC, as the windows for security testing in the later stages continue to shrink.

Securing the Online Financial Sector with Source Code Analysis

Sep 21, 2016 By Paul Curran | The financial sector is under constant attack by cyber criminals. In fact, banks are attacked four times more than other industries. Large bank hacks and exploits continually made headlines over 2015 and that trend continues as we progress into Q4 of 2016. What are the major cyber threats facing organizations in the financial and banking sectors, what steps can these organizations take in order to secure their code and what role can source code analysis play in securing banking applications against attackers?
