Checkmarx Blog

Cyber Crime Statistics Infographic

May 25, 2016 By Paul Curran | How much are cyber attacks costing organizations across the world? Which breaches are the most costly to fix and how prepared are these organizations? Find out in our cyber crime statistics infographic below.

Great Ways to get Management on Your Side with Application Security

May 23, 2016 By Kevin Beaver | When it comes to application security, I’ve yet to meet an IT or security professional who hasn’t struggled with getting – and keeping – management on board. The challenges of executive support for security initiatives know no boundaries. Getting management on your side with application security can be a constant battle. What can you do about it?

Do Developers at Facebook use PHP Static Analysis Tools?

May 19, 2016 By Paul Curran | Since its humble beginnings, PHP and Facebook have had an interesting relationship. PHP was at the heart of Facebook code, and in many ways still remains that way, but do developers at Facebook use PHP Static analysis tools?

Source Code versus Bytecode Analysis

May 11, 2016 By Paul Curran | In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis.
While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes to gauging inherent software risk, which method will expose more vulnerabilities? Which method should your organization be using?

What Type of Hacker Are You?

May 10, 2016 By Sarah Vonnegut | While movies and TV shows have made the term ‘hacker’ variations of awful stereotypes, all sorts of hackers, good and bad, exist in the world. Maybe you’re one of them – or perhaps you wish you were. Want to know what type of hacker you’d be if you were? Take the quiz and find out!

OpenSSL Vulnerabilities: Takeaways from the Latest Patch

May 06, 2016 By Sarah Vonnegut | The OpenSSL project this week released a series of patches to combat six vulnerabilities that have been discovered as of late, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was actually inadvertently implemented as part of the fix for the Lucky 13 flaw that was discovered in 2013.

Why SAST is Essential for a Security Vulnerability Assessment

May 05, 2016 By Checkmarx Guest Author | Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.
And while it’s true that some organizations are better at this than others (or sometimes just luckier), the fact remains that nobody needs to be reminded that security vulnerability assessments are worthwhile.

Cyber Terrorism – How Real is the Threat?

May 04, 2016 By Paul Curran | As our dependency on the internet increases from our phones to our streets, hospitals and cities, so do the threats posed by cyber terrorism. “Cyber terrorism” is a contested term that can erroneously include acts of “hacktivism” and internet vandalism which do not directly threaten the lives and livelihoods of their victims. The potential threats posed by cyber terrorism are daunting, but are they really within the reach of cyber terrorists?

Why You Need an AppSec Champion on Your Side

May 01, 2016 By Sarah Vonnegut | If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up and running. How can you get your program to work if the team most able to make a difference – the developers – aren’t interested? You need an AppSec Champion on your side.