AppSec Tips & Best Practices

Learn from AppSec success stories and discover tips and best practices for Developers, CISOs and Security Managers to help in securing every part of the SDLC.
blog-how-to-raise-cybersecurity-awareness

How to Raise Cybersecurity Awareness at all Levels of Your Organization

Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discuss and share privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.  
Read More »
blog-why-your-enterprise-needs-devops

Why Your Enterprise Needs DevOps

Jun 12, 2017 By Sarah Vonnegut | The buzzword of the decade is far from just a trend as organizations struggle to keep up with competition. There’s a reason DevOps is so often discussed and highly regarded. As organization after organization makes the switch and reaps the rewards offered by the DevOps culture, it’s time for all those who could enjoy DevOps to at least try it out. By improving software development at every stage, successful organizations have found, they can also improve on quality, stability, and business benefits. Curious? Let’s find out why your enterprise needs DevOps.
Read More »
blog-stand-out-with-your-appsec-routine-1

5 Steps to Stand Out with your AppSec Routine

Jun 01, 2017 By Sarah Vonnegut | In most organizations, Application Security is sadly behind in adoption, especially when compared to Network Security. And yet, with 84% of attacks aimed at the application layer, we need to turn our focus more towards AppSec. As we use and deploy more and more apps, the interdependencies between them complicate internal infrastructures, leading to more opportunities for misconfigurations and holes that could be used by attackers.  
Read More »
blog-a-closer-look-owasp-top-10-application-security-risks

A Closer Look: OWASP Top 10 Application Security Risks

May 22, 2017 By Arden Rubens | Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks posed, in the most direct, neutral, and practical way. Since 2003, the OWASP Top 10 releases a list every four years consisting of the top biggest Application Security Risks.  
Read More »
blog-software-dev-in-agile-era-1

Six Steps to Secure Software Development in the Agile Era

Apr 20, 2017 By Sarah Vonnegut | Written in 2001, the Agile Manifesto launched an evolution in software development that has unfolded over the past decade and a half. Moving from waterfall development to rapid development and into the Agile methodology, software companies around the world have adopted at least some of the Agile processes and practices. And for many organizations, the evolution has paid off – at least in some parts of the business.    
Read More »
DevSecOps

DevOps & The Secure SDLC: Breaking Down Barriers with DevSecOps

Feb 02, 2017 By Sarah Vonnegut | The adoption of DevOps in enterprises around the world has created a whole new meaning to constant, rapid innovation and delivery. Iteration after iteration, DevOps is designed to improve the end product endlessly, pushing the limits of speed and collaboration.
Read More »
blog-chrome-extensions

8 Chrome Extensions Every Security Pro Needs

Jan 25, 2017 By Arden Rubens | Google Chrome is the most popular web browser, and it comes with a large library of Chrome extensions with the aim of helping you customize your browsing experience. And with so many options, it can be hard to find the extensions which are right for you. Therefore we put together this list featuring the top Chrome extensions every security professional needs.
Read More »
Tips to Secure SDLC

Quick Tips To Secure Your SDLC

Dec 22, 2016 By Arden Rubens | Applications have become as complex as ever, and with the constant evolution and advancement of applications, cyber threats have become of the biggest risks that organizations today face – and as most of the past cyber attacks on organizations teach us, those risks can be absolutely disastrous. Therefore, along with the increased business risks and concerns correlating with insecure software, the attention from organizations is significantly more focused on building securely.
 
Read More »
15 Vulnerable Sites To (Legally) Practice Your Hacking Skills - 2016 UPDATE15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills – 2016 UPDATE

Dec 04, 2016 By Arden Rubens | As technology grows, so does the risk of getting hacked. So, it should come as no surprise that InfoSec skills are becoming more important and more in demand.
No matter if you’re a beginner or an expert, nor if you’re a security manager, developer, auditor, or pentester – you can now get started by using these 15 sites to practice your hacking skills – legally. 
          Do you have any other sites you use to practice on? Let us know below!
Read More »
keys to avoiding data security breaches

Keys to Avoiding Data Security Breaches

Nov 17, 2016 By Arden Rubens | Data security breaches and exploits continuously make headlines as online organizations and applications are under constant attack by cyber criminals. The number of data breaches are increasing drastically year to year putting millions of people at risk of identity theft and fraud. A consequential data breach has the power to wreck company assets while taking down whole organizations by releasing sensitive data and embarrassing emails, so it only makes sense for an organization to take all necessary steps to protect its data. Data breaches can occur from a variety of different scenarios ranging from large scale cyber attacks and hacking techniques to malicious activity within a system as the result of a portable device, system outage or error, and poor or non-existent security policies. That being said, the most common cause of data security breaches is weak or stolen passwords. In fact, according to Verizon’s “2015 Data Breach Investigations Report”, a whopping 76% of network intrusions occurred as a result of weak credentials. Hackers crack passwords with the help of specific tools and techniques or by using malware or phishing attacks. Once the right password is in the wrong hands, it is game over for the company and the user alike.  Here are some keys to help you avoid data breaches.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.

SUBSCRIBE