Source Code Analysis Source Code versus Bytecode Analysis May 11, 2016 by Paul Curran In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis. While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes Read More › Source Code Analysis
Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing Why SAST is Essential for a Security Vulnerability Assessment May 5, 2016 by Sarah Vonnegut Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices. And while it’s true that some organizations are better Read More › Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing
Application Security ProgramDeveloper Security AwarenessSecure Application DevelopmentSecure Development Why You Need an AppSec Champion on Your Side May 1, 2016 by Sarah Vonnegut If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up Read More › Application Security ProgramDeveloper Security AwarenessSecure Application DevelopmentSecure Development
HackersSource Code Analysis Do Hackers Use Source Code Analysis? Apr 27, 2016 by Amit Ashbel Your source code – along with secure application code practices – is your edge over hackers. A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities Read More › HackersSource Code Analysis
Application SecurityCross Site ScriptingDeveloper AwarenessHackingphishing Everyone Talks About Phishing, But No One Blames XSS Apr 26, 2016 by Paul Curran Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources. Read More › Application SecurityCross Site ScriptingDeveloper AwarenessHackingphishing
Application SecuritySDLCSecurity AutomationSource Code Analysisstatic code analysis Static Analysis Tools: All You Need to Know Apr 8, 2016 by Sarah Vonnegut Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch. Read More › Application SecuritySDLCSecurity AutomationSource Code Analysisstatic code analysis
Developer Security AwarenessSecure Application DevelopmentSecure CodingSecure SDLC Secure Application Development: Avoiding 5 Common Mistakes Apr 1, 2016 by Sarah Vonnegut It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application Read More › Developer Security AwarenessSecure Application DevelopmentSecure CodingSecure SDLC
Application SecurityOpen Source AnalysisOpen Source ComponentsOpen Source SecuritySecurity Vulnerability How Secure Are Your Open Source Components? Mar 25, 2016 by Sarah Vonnegut For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other Read More › Application SecurityOpen Source AnalysisOpen Source ComponentsOpen Source SecuritySecurity Vulnerability
Application SecurityData Security BreachHackingInternet Of ThingsMobile SecurityOWASP Internet of Things (IoT) – Hack My Army Mar 14, 2016 by Sharon Solomon It’s now common knowledge that the Internet of Things (IoT) revolution has infiltrated our homes, cars and offices. But even defense forces are going online, with more and more weaponry being operated remotely with the help of dedicated applications. Unfortunately, this has provided politically and criminally motivated hackers with new targets to manipulate. Is the modern army really prepared Read More › Application SecurityData Security BreachHackingInternet Of ThingsMobile SecurityOWASP
Application SecuritySecure CodingSource Code Analysisstatic code analysisVulnerability Static Code Analysis Tools – The AppSec Checklist Mar 3, 2016 by Sharon Solomon You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to Read More › Application SecuritySecure CodingSource Code Analysisstatic code analysisVulnerability