15 Vulnerable Sites To (Legally) Practice Your Hacking Skills – 2016 UPDATE
Dec 4, 2016 by Arden Rubens
As technology grows, so does the risk of getting hacked. So, it should come as no surprise that InfoSec skills are becoming more important and more in demand. No matter if you’re a beginner or an expert, nor if you’re a security manager, developer, auditor, or pentester – you can now get started by using …

Keys to Avoiding Data Security Breaches
Nov 17, 2016 by Arden Rubens
Tags: Application Security, Data Security Breach, Vulnerability, Web Application Security
Data security breaches and exploits continuously make headlines as online organizations and applications are under constant attack by cyber criminals. The number of data breaches is increasing drastically year to year, putting millions of people at risk of identity theft and fraud. A consequential data breach has the power to wreck company assets while taking …

3 Web Application Security Lessons from Recent Vulnerabilities and Exploits
Nov 13, 2016 by Paul Curran
Tags: CSRF, Hackers, panama papers, XSS
2016 has been a hot year for hackers and this trend shows no sign of stopping. Major hacks and the breached data released as a result over the course of 2016 have led to millions in losses for the organizations who failed in establishing proper web application security. The now-infamous Yahoo hack cast some shades …

The Best Ways to Ensure a Lasting Secure SDLC
Aug 5, 2016 by Sarah Vonnegut
Tags: SDLC, Secure SDLC, static code analysis
To start the discussion on why a Secure SDLC is more important now than ever, we need to take a look at the evolution in applications and how they’re being secured. Both applications and the way organizations are tasked with securing them have changed dramatically over the past few decades.

A Quick Guide to Ethical Hacking + Top Hacking Tools
May 16, 2016 by Sarah Vonnegut
Tags: Ethical Hacking, information security, security awareness, Social Engineering
They say the best defense is a great offense – and with application security, that’s certainly a big factor in staying ahead of the hackers. Organizations keen on keeping malicious hackers out of their systems will use any number of offensive measures as a way to find the kinds of holes attackers could use against …

Source Code versus Bytecode Analysis
May 11, 2016 by Paul Curran
Tags: Source Code Analysis
In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis. While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes …

Why SAST is Essential for a Security Vulnerability Assessment
May 5, 2016 by Sarah Vonnegut
Tags: Application Security, Application Security Vulnerabilities, SAST, SDLC, Static Application Security Testing
Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices. And while it’s true that some organizations are better …

Why You Need an AppSec Champion on Your Side
May 1, 2016 by Sarah Vonnegut
Tags: Application Security Program, Developer Security Awareness, Secure Application Development, Secure Development
If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up …

Do Hackers Use Source Code Analysis?
Apr 27, 2016 by Amit Ashbel
Tags: Hackers, Source Code Analysis
Your source code – along with secure application code practices – is your edge over hackers. A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities …

Everyone Talks About Phishing, But No One Blames XSS
Apr 26, 2016 by Paul Curran
Tags: Application Security, Cross Site Scripting, Developer Awareness, Hacking, phishing
Phishing. An ancient attack by internet standards, one that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent calls to action which mimic alerts from trusted brands and sources.