Resources & Tools

Navigate the prickly world of Application Security with this collection of blog posts on the resources and tools you need to help you secure your applications.

Understanding Application Security Vulnerabilities: Part One

Mar 04, 2016 By Sarah Vonnegut | As hackers attack our applications more and more, it is imperative that organizations begin treating security testing with the same enthusiasm they give to quality testing. Just as a product does not ship when it has major functionality issues or a broken feature, it should not ship with major application security vulnerabilities. This requires a shift in company culture, one in which security is seen as everyone’s responsibility – not just the security team’s. One of the best ways to facilitate that change is to spread security awareness among the different stakeholders, educating them in how to take responsibility for security in their own jobs. For CISOs, that may mean discussions around the ROI of security testing; for non-technical employees it may include security awareness courses on how to avoid phishing campaigns. For developers, that education needs to be a bit more in depth – developers, after all, are the ones writing the code that needs to be better secured.


Static Code Analysis Tools – The AppSec Checklist

Mar 03, 2016 By Sharon Solomon | You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective at locating application-layer vulnerabilities, the wrong solution can lead to developer disengagement, which is the worst thing that can happen to your organization. Hence, a successful application security program involves picking the right solution for your technical needs, along with the features needed for full developer engagement.


The Cybersecurity Organizations & Resources You Need to Know

Feb 12, 2016 By Sarah Vonnegut | No matter where you are on your journey in security, there is always room to keep learning. Especially in the security industry, it’s important to aim for a deep understanding of software and how applications interact on the web. In such a dynamic field, there’s no doubt the learning will never end. Luckily for students of cybersecurity, there are plenty of organizations doing the hard work to help us better understand what we’re working to protect, and how best to secure our own organizations. These organizations are helping fight the “cyber battles” – and are helping us do the same. From nonprofits to university centers to government-funded research facilities, the security industry has its bases covered. There’s a never-ending mountain of high-quality research and guides anyone interested can access – if you know the right places to look.


21 Application Security Resources No Developer Should Be Without

Dec 11, 2015 By Sarah Vonnegut | The truth of the matter is, you have no idea what will happen to your code once your application is released. Your code may be reused down the line, it may be altered – and it will most certainly be used in ways you never imagined. Can you start to see why security plays an important role in organizations that develop applications? Luckily, if you’re in a position where you interact with code, you have a direct way to help better secure our applications and devices. And with that power comes responsibility – the responsibility of playing your part in helping secure the world’s software. To give those working with code a boost in their security education, we’ve curated a collection of application security resources to assist any developer, wherever you are on your journey into the arduous (yet rewarding) world of application security. Because when it comes to application security, your education is never complete.


13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Nov 06, 2015 By Sarah Vonnegut | Read the first post, 15 Vulnerable Sites to (Legally) Practice Your Hacking Skills, here. There’s a well-known saying that before you judge someone you should always “walk a mile in the other person’s shoes.” You can’t get the full picture of a person without first living like they do and understanding what goes on in their head. In organizations around the world, there’s a big push to be more “security aware,” and it’s an important part of our jobs. We’re defenders, and we have a big job to do in making sure our applications and systems are secure from any threat that might come at us. But there’s another side to being good at defending your applications and systems. Those dealing with security also need to “walk a mile in the other person’s shoes” – but in our case, it’s about understanding the attacker’s side not so we can empathize, but so we can minimize the risks posed by and to our applications.


21 Awesome Talks and Resources on Security and DevOps

Jun 22, 2015 By Sarah Vonnegut | As we wrote about last week, the explosion of DevOps – with 88% of businesses saying they’ve adopted or will adopt DevOps within the next five years – has made it clear that we need to tightly integrate security into the fast-paced, iterative cultures that are DevOps organizations. We can’t fight DevOps, if we ever did. DevOps is good all around when done right – and security plays a big part in helping DevOps organizations thrive. And luckily for you, lots of security and DevOps people already have experience in how to work in harmony together – and even better, they want to pass their knowledge along. There is some great watching and reading material to draw inspiration, ideas and advice from – so we gathered up 21 of the best talks and other resources we’ve seen to help you along the way.


29 Cyber Security Blogs You Should Be Reading

May 21, 2015 By Sarah Vonnegut | Staying up-to-date is important for lots of reasons, but when you’re a cyber security professional, knowing about the latest tech, breaches, vulnerabilities, etc. is pretty much essential to your career. If you miss out on an important piece of news, your organization could miss out on much more. More than just knowing what’s going on, though, keeping current in cyber security news is an opportunity to absorb and uncover innovative ideas surrounding InfoSec and the way you do your job.


15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

Apr 16, 2015 By Sarah Vonnegut | They say the best defense is a good offense – and it’s no different in the InfoSec world. Use these 15 deliberately vulnerable sites to practice your hacking skills so you can be the best defender you can – whether you’re a developer, security manager, auditor or pen-tester. Always remember: practice makes perfect! What other sites have you used to practice on? Let us know below! Now that you’ve mastered your offensive security skills, make sure you understand what you’re defending against with our AppSec Beginner’s Guide!


16 CISOs and Security Leaders You Should be Following on Twitter

Feb 26, 2015 By Sarah Vonnegut | A few months ago we published an article, ’21 AppSec & Security Gurus You Should Be Following on Twitter,’ and even we were surprised by the buzz it created. It seems we had struck a chord with our readers, who are apparently pining for new security people to follow on Twitter. So, to feed your hunger for ‘security twits’, we decided to double down and create a list of the best tweeters of security-related news and info among the security leaders heading organizations – the CISOs and CSOs.

