Checkmarx Blog

AppSec Champion

Why You Need an AppSec Champion on Your Side

May 01, 2016 By Sarah Vonnegut | If you’ve ever felt the glare of developers unhappy with you for ‘making them’ fix an issue or subjecting them to a lesson in security, you’re familiar with the tension that can arise between the security and development teams. But without the development team on your side, you’ll never get your Application Security program up and running. How can you get your program to work if the team most able to make a difference – the developers – aren’t interested? You need an AppSec Champion on your side.
</Read More>
Do Hackers Use Source Code Analysis?

Do Hackers Use Source Code Analysis?

Apr 27, 2016 By Amit Ashbel | Your source code – along with secure application code practices – is your edge over hackers. 
  A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities in code.
</Read More>
xss phishing attacks

Everyone Talks About Phishing, But No One Blames XSS

Apr 26, 2016 By Paul Curran | Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources.
 
</Read More>
Whiteboard Roundup April

Need-to-Know AppSec News Stories, April 2016

Apr 21, 2016 By Sarah Vonnegut | We’re starting something new today: An AppSec news story roundup that you can either read or watch via our Whiteboard Roundup below! We look forward to helping our readers stay up-to-date with all they need to know about AppSec – so please let us know what you think below and if we’ve missed any good security stories. 
</Read More>
Secure Mobile App Development

7 Deadly Sins of Secure Mobile App Development

Apr 19, 2016 By Paul Curran | When was the last time that you left your house holding your social security card, all of your credit cards, health records, passwords and a record of all of the highly intimate messages that you’ve sent to your friends and loved ones?
 
Who would leave their house with all of this sensitive stuff? It would fill boxes and binders and no one would be foolish enough to carry it all with them at the same time, right?
</Read More>
Mobile Application Security Testing Tools

How to Get More Out of Your Mobile Application Security Testing Tools

Apr 15, 2016 By Sarah Vonnegut | Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It’s up to the organizations releasing applications – which most likely includes you, if you’re reading this – to meet (and exceed) their expectations. If you don’t meet expectations, you’re in bad luck: A 2013 study found that 88% of Americans have negative views of companies with mobile apps or sites that perform poorly or too slowly.
</Read More>
Software Security Testing

Who Needs Software Security, Anyway?

Apr 12, 2016 By Andrei Cheremskoy | In recent years, the advent of mobile and cloud computing revolution has brought to light a serious issue affecting both organizations and individuals: software security. Every day, there’s a new story we hear about some website or application being penetrated, releasing sensitive information that is sold, abused, and exploited. As a consequence, companies lose their credibility (along with hefty financial losses) and customers lose their trust in companies’ ability to secure their personal information.
</Read More>
mossack fonseca panama papers CMS connection

Panama Papers: The CMS Connection?

Apr 11, 2016 By Paul Curran | In early April 2016, reports emerged detailing history’s largest data leak, the Panama Papers.
This incredible leak of sensitive data concerning both Mossack Fonseca and their clients contained 2.6 TB of data which included 11.5 million documents relating to over 200,000 companies and exposed the hidden fortunes of politicians, dictators and the super-rich. In comparison to understand the size and significance of this leak, the 2010 Wikileaks from 2010 which contained a mere 1.7GB of data.
</Read More>
Static Analysis Tools

Static Analysis Tools: All You Need to Know

Apr 08, 2016 By Sarah Vonnegut | Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.
</Read More>
Google Vendor Security Review

Google Vendor Security Review Tool Goes Open Source

Apr 07, 2016 By Paul Curran | In an ongoing effort to share their knowledge and expertise, Google recently announced on its security blog that they have released to open source their Vendor Security Assessment Questionnaire (VSAQ) on GitHub under the Apache License Version 2. The Google Vendor Security Review Tool questionnaire is used by Google to evaluate the quality of security and privacy for hundreds of vendors each year. Each of the four questionnaires that they have made available consist of a series of questions that adapt and adjust based on the responses in a way that The Register refers to as a, “choose-your-own-adventure,” style of questionnaire.
</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly
TRY ME
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.
SUBSCRIBE