AppSec Tips & Best Practices

Learn from AppSec success stories and discover tips and best practices for Developers, CISOs and Security Managers to help in securing every part of the SDLC.

Quick Tips To Secure Your SDLC

Dec 22, 2016 By Arden Rubens | Applications have become as complex as ever, and with the constant evolution and advancement of applications, cyber threats have become one of the biggest risks that organizations today face – and as most of the past cyber attacks on organizations teach us, those risks can be absolutely disastrous. Therefore, along with the increased business risks and concerns correlating with insecure software, the attention from organizations is significantly more focused on building securely.
 

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills – 2016 UPDATE

Dec 04, 2016 By Arden Rubens | As technology grows, so does the risk of getting hacked. So, it should come as no surprise that InfoSec skills are becoming more important and more in demand.
No matter if you’re a beginner or an expert, nor if you’re a security manager, developer, auditor, or pentester – you can now get started by using these 15 sites to practice your hacking skills – legally.
Do you have any other sites you use to practice on? Let us know below!

Keys to Avoiding Data Security Breaches

Nov 17, 2016 By Arden Rubens | Data security breaches and exploits continuously make headlines as online organizations and applications are under constant attack by cyber criminals. The number of data breaches is increasing drastically year to year, putting millions of people at risk of identity theft and fraud. A consequential data breach has the power to wreck company assets while taking down whole organizations by releasing sensitive data and embarrassing emails, so it only makes sense for an organization to take all necessary steps to protect its data. Data breaches can occur from a variety of different scenarios ranging from large scale cyber attacks and hacking techniques to malicious activity within a system as the result of a portable device, system outage or error, and poor or non-existent security policies. That being said, the most common cause of data security breaches is weak or stolen passwords. In fact, according to Verizon’s “2015 Data Breach Investigations Report”, a whopping 76% of network intrusions occurred as a result of weak credentials. Hackers crack passwords with the help of specific tools and techniques or by using malware or phishing attacks. Once the right password is in the wrong hands, it is game over for the company and the user alike. Here are some keys to help you avoid data breaches.

3 Web Application Security Lessons from Recent Vulnerabilities and Exploits

Nov 13, 2016 By Paul Curran | 2016 has been a hot year for hackers and this trend shows no sign of stopping. Major hacks and the breached data released as a result over the course of 2016 have led to millions in losses for the organizations who failed in establishing proper web application security. The now-infamous Yahoo hack cast some shades of doubt on how Verizon was going to proceed with its $4.8 billion acquisition while Iceland’s prime minister Sigmundur Davíð Gunnlaugsson resigned as part of the fallout from the Panama Papers.  

The Best Ways to Ensure a Lasting Secure SDLC

Aug 05, 2016 By Sarah Vonnegut | To start the discussion on why a Secure SDLC is more important now than ever, we need to take a look at the evolution in applications and how they’re being secured. Both applications and the way organizations are tasked with securing them have changed dramatically over the past few decades.

Source Code versus Bytecode Analysis

May 11, 2016 By Paul Curran | In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis.
While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes to gauging inherent software risk, which method will expose more vulnerabilities? Which method should your organization be using?

Why SAST is Essential for a Security Vulnerability Assessment

May 05, 2016 By Sarah Vonnegut | Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.
And while it’s true that some organizations are better at this than others (or sometimes just luckier), the fact remains that nobody needs to be reminded that security vulnerability assessments are worthwhile.

Why You Need an AppSec Champion on Your Side

May 01, 2016 By Sarah Vonnegut | If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up and running. How can you get your program to work if the team most able to make a difference – the developers – aren’t interested? You need an AppSec Champion on your side.

Do Hackers Use Source Code Analysis?

Apr 27, 2016 By Amit Ashbel | Your source code – along with secure application code practices – is your edge over hackers.
A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities in code.