Introducing Checkmarx Software Composition Analysis (CxSCA)

AppSec Tips
& Best Practices

Learn from AppSec success stories and discover tips and best
practices for Developers, CISOs and Security Managers to help
in securing every part of the SDLC.

A Quick Guide to Ethical Hacking + Top Hacking Tools

They say the best defense is a great offense – and with application security, that’s certainly a big factor in staying ahead of the hackers. Organizations keen on keeping malicious hackers out of their systems will use any number of offensive measures as a way to find the kinds of holes attackers could use against

Read More ›

Source Code versus Bytecode Analysis

In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis. While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes

Read More ›

Why SAST is Essential for a Security Vulnerability Assessment

Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.   And while it’s true that some organizations are better

Read More ›

Why You Need an AppSec Champion on Your Side

If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up

Read More ›

Do Hackers Use Source Code Analysis?

Your source code – along with secure application code practices – is your edge over hackers.    A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities

Read More ›

Everyone Talks About Phishing, But No One Blames XSS

Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources.  

Read More ›

Static Analysis Tools: All You Need to Know

Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.

Read More ›

Secure Application Development: Avoiding 5 Common Mistakes

It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application

Read More ›

How Secure Are Your Open Source Components?

For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other

Read More ›

Jump to Category