Resources & Tools

Navigate the prickly world of Application Security with this collection of blog posts on the resources and tools you need to help you secure your applications.

Top 5 OWASP Resources No Developer Should Be Without

Jan 09, 2018 By Sarah Vonnegut | Writing secure code is now a must for developers. The number of attacks on organizations big and small, and the fallout for companies that have been breached, are growing. As such, security is finally moving out of the periphery to become a mainstay for business continuity.


A Closer Look: OWASP Top 10 2017 – Application Security Risks

Dec 03, 2017 By Arden Rubens | The Open Web Application Security Project (OWASP) is an organization of security experts from around the world who provide information about applications and the risks they pose in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three to four years. The list consists of the biggest application security risks according to OWASP.


INFOGRAPHIC: OWASP Top 10 Application Security Risks

Nov 30, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 (PDF) is out. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications. 


Static Code Analysis: Binary vs. Source

Nov 21, 2017 By Dafna Zahger | “The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant. Within the broad and ever-growing application security realm, code analysis has become a standard practiced by leading companies across markets and fields. This has led to a variety of Static Code Analysis solutions, which apply the technique of automatically analyzing an application’s source and binary code to find security vulnerabilities.


Android WebView: Secure Coding Practices

Nov 16, 2017 By Erez Yalon | This is part one of a three-part series. Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at interaction habits: the way people socialize, as individuals or in a group, has changed, as what was once far away is now at our fingertips. There is an infinite number of applications and resources available to millions of users. And as these numbers grow, security concerns rise as well.


Continuous Security Testing for Microservices

Oct 18, 2017 By Dafna Zahger | Being a part of today’s tech industry, you have probably noticed all winds blowing towards the implementation of DevOps and CI/CD methodologies, and rightfully so. Today’s software developers face an ever-growing need for speedy development-to-production cycles with uncompromising security and reliability. One way of facing the speed versus quality challenge is the introduction of microservices.


A Closer Look: Securing with Jenkins

Aug 28, 2017 By Arden Rubens | Acclaimed by the DevOps world and best known as the leading open source automation server for continuous integration (CI) and continuous delivery (CD), Jenkins is a Java-based program designed to monitor a set of executions in a software environment. Jenkins allows developers to rapidly detect and resolve errors in the code base and boosts automated build testing.  


An In Depth Look: Top PHP Frameworks

Aug 10, 2017 By Arden Rubens | PHP is an open source scripting language designed for web development. When the language was first released in 1994, PHP stood for Personal Home Page. Today, PHP is referred to as a backronym – PHP, Hypertext Preprocessor. PHP is a dynamic language, allowing developers to run their code instantly without having to compile it first. What distinguishes PHP from client-side languages is that the code is executed on the server, which generates HTML before it’s sent to the client.


Australia’s Mandatory Breach Notification Bill – 3 Ways to Prepare Your Organization

Jul 03, 2017 By Sarah Vonnegut | Governments are increasingly taking control of cybersecurity issues for the citizens and organizations they serve. Just last year, Europe passed the General Data Protection Regulation, or GDPR, which requires businesses that handle European citizens’ data to notify customers if they experience a data breach, as well as report it to the regulatory body. In the US, 47 out of 50 states have established state legislation touching on data breach notification requirements, and Canada requires hacked organizations to notify both customers and the Privacy Commissioner.


An A to Z Guide to Continuous Integration

Jun 25, 2017 By Sarah Vonnegut | The race to improve software quality and innovation has been around since the 1970s. Many processes and workflows have been created to help address the historical issues that prevent teams from developing high-quality applications quickly and reliably, yet enterprises continue their struggle to keep up.  
