Resources & Tools

Navigate the prickly world of Application Security with this collection of blog posts on the resources and tools you need to help you secure your applications.
blog-how-to-raise-cybersecurity-awareness

How to Raise Cybersecurity Awareness at all Levels of Your Organization

Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discuss and share privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.  

Read More »
blog-dbir-2017

Takeaways from the Verizon 2017 Data Breach Investigation Report

May 15, 2017 By Arden Rubens | The annual Verizon Data Breach Investigations Report (DBIR) was released earlier this month to much anticipation, hitting a big milestone with its tenth-anniversary edition. And once again, it’s proving to be one of the most referenced data breach reports in the cyberworld and a must-read for industry leaders and security professionals across the globe.     For this year’s DBIR, data was collected from nearly 2,000 confirmed breaches and 42,000 security incidents from 20 different industries, spanning across 84 countries. Verizon security experts analyzed the submitted data and put together an extensive look at today’s cyber-universe.  

Read More »
15 Vulnerable Sites To (Legally) Practice Your Hacking Skills - 2016 UPDATE15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills – 2016 UPDATE

Dec 04, 2016 By Arden Rubens | As technology grows, so does the risk of getting hacked. So, it should come as no surprise that InfoSec skills are becoming more important and more in demand.
No matter if you’re a beginner or an expert, nor if you’re a security manager, developer, auditor, or pentester – you can now get started by using these 15 sites to practice your hacking skills – legally. 
          Do you have any other sites you use to practice on? Let us know below!

Read More »
threat modeling - The Ultimate Cheat Sheet

The Ultimate Cheat Sheet On Threat Modeling

Nov 08, 2016 By Arden Rubens | Security has become a major concern in recent years with hacks becoming bigger and risks becoming greater. Today’s software must be built with the ability to combat and cope with various malicious attacks, and yet, many software developers still might miss a crucial step while creating a secure SDLC (software development lifecycle) process. In order to ensure secure software development, alongside conducting risk management, one of the first steps in your SDLC should be Threat Modeling.

Read More »
Pentesting Blogs

The 13 Most Helpful Pentesting Resources

Jul 26, 2016 By Sarah Vonnegut | Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.

Read More »
what is static code review?

What is Static Code Review?

Jun 30, 2016 By Paul Curran | Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review.
These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits but also fits the requirements set forth by the organization or their customers.

Read More »
Data Security & Integrity

The Importance of Database Security and Integrity

Jun 24, 2016 By Sarah Vonnegut | Databases often hold the backbone of an organization; Its’ transactions, customers, employee info, financial data for both the company and its customers, and much more. are all held in databases, often left to the power of a database administrator with no security training. Database security and integrity are essential aspects of an organization’s security posture. Yet where data used to be secured in fire-proof, ax-proof, well-locked filing cabinets, databases offer just a few more risks, and due to their size nowadays, database security issues include a bigger attack surface to a larger number of potentially dangerous users.  

Read More »
White Box vs Black Box

White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms?

Mar 28, 2016 By Amit Ashbel | When I feel ill, I take a trip to my doctor.  At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor).
The Black Box approach
The doctor’s initial prognosis for a regularly healthy person is usually based on visible symptoms and information reported by the patient. A runny nose could indicate a simple cold. However, it can also indicate the flu, allergies, sinusitis, deviated septum and sometimes, it could even indicate pregnancy. If symptoms don’t persist or increase in severity, the doctor will maintain their prognosis and assign a standard treatment.

Read More »
Application Security Knowledge

10 Easy Ways to Increase Your Application Security Knowledge

Mar 18, 2016 By Sarah Vonnegut | If you’re new to the world of security, in whatever capacity, gaining a good understanding of AppSec can seem daunting and distant – but don’t fear. Becoming more application security aware doesn’t have to be hard or time-consuming. It can be as easy as taking a few minutes out of every day to advance your application security knowledge to a higher level – no matter where it stands today.

Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.

SUBSCRIBE