AppSec Tips & Best Practices

Learn from AppSec success stories and discover tips and best practices for Developers, CISOs and Security Managers to help in securing every part of the SDLC.
Habits of AppSec Leaders

5 Habits of Highly Effective Application Security Leaders

Jan 26, 2015 By Sarah Vonnegut | In our global, digital world, data is king – and malicious attackers are on a constant lookout for ways to conquer the throne. With a rapidly changing business landscape, the old, reactive approaches to security are no longer enough – if they ever were. Effective application security leaders are changing their tactics to keep up with the transformations. It shouldn’t take a security incident to make an organization pay attention to securing the applications and other areas that are so important to the business. With our ever-increasing reliance on data and the applications that carry it – and hackers’ ever-growing capabilities in causing more and deeper damage – this truth will only ever become more accurate.

15 AppSec Tips From the Top Ethical Hackers of 2014

Dec 31, 2014 By Sharon Solomon | 2014 will go down as the year of the mega-attacks. It all started off during last year’s holiday season with the Target hackings that affected over 100 million customers. Soon the Heartbleed and Shellshock vulnerabilities were exposed, causing havoc all across the planet. The hackings kept on coming in the latter stages of the year – the Snapchat fiasco, iCloud photo leaks and North Korean-orchestrated Sony Pictures hacking, just to name a few.

Ensuring your developers love – or at least don’t hate – security

Aug 14, 2014 By Sarah Vonnegut | This post originally appeared on  By Maty Siman, Checkmarx Founder & CTO
When it comes to an organization’s software security, there’s been a chronic disconnect between the developers who write and build the code and the security teams who audit and enforce the code’s security. This divide historically arose from common misunderstandings: programmers believe that security hinders their productivity, while security folks are frustrated that security is not top-of-mind for developers.

Building Secure Applications: How Mature Are You?

Jul 29, 2014 By Sarah Vonnegut | Dave Ferguson is back with another guest blog! Make sure you check out his blog here, and read his original post, ‘Keeping Up With The Hackers: Where to Practice Your Web Hacking Skills,’ here. Testing your software for vulnerabilities is important. There’s no doubt about it, but if there’s something I’ve learned over the years when it comes to application security, it’s that you can’t test yourself secure. The reason is that development teams are writing new code all the time, and if your main approach to securing the code is testing, it quickly becomes a never-ending cycle of testing –> fixing –> repeating. This is a lot like treating the symptoms of a malady. What you really want is a cure for the malady.

7 Tips For Choosing The Right Tool To Secure Your Application

May 14, 2014 By Sharon Solomon | With more and more leading applications and websites being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hackings on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this security often falls on the narrow shoulders of the QA teams. Operating under tight deadlines, they already have their hands full and eventually fail to address the glaring security issues. Not all companies have the resources needed to enjoy the services of staff trained to tackle vulnerabilities. Even hiring skilled security professionals is not always “pocket-friendly”. But there is good news. Healthy coding practices and smart vulnerability tool selection can help boost your product’s “immunity” and minimize the need for post-production maintenance.

Top 5 Symptoms Of Hacked Computers

Jan 08, 2014 By Sharon Solomon | Cybercrime has reached epidemic proportions. More and more computers are being exploited with intrusive malware and sophisticated hacking techniques. It’s crucial to detect intrusions early to minimize data loss and avoid privacy theft.

Stop the Neglect – Scan Your Source Code Before You Regret

Dec 11, 2013 By Sharon Solomon | Hacktivism, commercial malware and criminal exploitation have become the norm in today’s cyberspace. This worrying trend has magnified the need for a comprehensive testing solution that can be integrated into the SDLC. Enter Source Code Analysis (SCA).

Cybersecurity Checklist For Holiday Shopping & Travel

Nov 27, 2013 By Sarah Vonnegut | For many in the U.S., the Thanksgiving weekend officially begins at the end of today’s work day, and with it the holiday season. This year there will already be enough pains to deal with: congested roads, packed stores and airports, not to mention messy weather. One headache you can avoid is cybercrime, so take these fairly simple steps to keep yourself and your gadgets secure while traveling and shopping.

5 Ways To Protect Your Work Cyberspace

Nov 18, 2013 By Sharon Solomon | With hackers compromising virtually every software platform that exists, it’s time for all of us to step up our cyber security awareness. Security issues are crucial especially at work establishments, where sensitive information and data are susceptible to attack.
