Resources & Tools

Navigate the prickly world of Application Security with this collection of blog posts on the resources and tools you need to help you secure your applications.
blog-how-to-raise-cybersecurity-awareness

How to Raise Cybersecurity Awareness at all Levels of Your Organization

Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discuss and share privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.  
Read More »
blog-a-closer-look-owasp-top-10-application-security-risks

A Closer Look: OWASP Top 10 Application Security Risks

May 22, 2017 By Arden Rubens | Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks posed, in the most direct, neutral, and practical way. Since 2003, the OWASP Top 10 releases a list every four years consisting of the top biggest Application Security Risks.  
Read More »
blog-owasp-infographic

INFOGRAPHIC: OWASP Top 10 Application Security Risks

May 19, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 has just been released for public comment. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications. 
Read More »
blog-dbir-2017

Takeaways from the Verizon 2017 Data Breach Investigation Report

May 15, 2017 By Arden Rubens | The annual Verizon Data Breach Investigations Report (DBIR) was released earlier this month to much anticipation, hitting a big milestone with its tenth-anniversary edition. And once again, it’s proving to be one of the most referenced data breach reports in the cyberworld and a must-read for industry leaders and security professionals across the globe.     For this year’s DBIR, data was collected from nearly 2,000 confirmed breaches and 42,000 security incidents from 20 different industries, spanning across 84 countries. Verizon security experts analyzed the submitted data and put together an extensive look at today’s cyber-universe.  
Read More »
15 Vulnerable Sites To (Legally) Practice Your Hacking Skills - 2016 UPDATE15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills – 2016 UPDATE

Dec 04, 2016 By Arden Rubens | As technology grows, so does the risk of getting hacked. So, it should come as no surprise that InfoSec skills are becoming more important and more in demand.
No matter if you’re a beginner or an expert, nor if you’re a security manager, developer, auditor, or pentester – you can now get started by using these 15 sites to practice your hacking skills – legally. 
          Do you have any other sites you use to practice on? Let us know below!
Read More »
threat modeling - The Ultimate Cheat Sheet

The Ultimate Cheat Sheet On Threat Modeling

Nov 08, 2016 By Arden Rubens | Security has become a major concern in recent years with hacks becoming bigger and risks becoming greater. Today’s software must be built with the ability to combat and cope with various malicious attacks, and yet, many software developers still might miss a crucial step while creating a secure SDLC (software development lifecycle) process. In order to ensure secure software development, alongside conducting risk management, one of the first steps in your SDLC should be Threat Modeling.
Read More »
Pentesting Blogs

The 13 Most Helpful Pentesting Resources

Jul 26, 2016 By Sarah Vonnegut | Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.
Read More »
what is static code review?

What is Static Code Review?

Jun 30, 2016 By Paul Curran | Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review.
These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits but also fits the requirements set forth by the organization or their customers.
Read More »
Data Security & Integrity

The Importance of Database Security and Integrity

Jun 24, 2016 By Sarah Vonnegut | Databases often hold the backbone of an organization; Its’ transactions, customers, employee info, financial data for both the company and its customers, and much more. are all held in databases, often left to the power of a database administrator with no security training. Database security and integrity are essential aspects of an organization’s security posture. Yet where data used to be secured in fire-proof, ax-proof, well-locked filing cabinets, databases offer just a few more risks, and due to their size nowadays, database security issues include a bigger attack surface to a larger number of potentially dangerous users.  
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.

SUBSCRIBE