Checkmarx Blog

Web Application Firewalls (WAFs): Ethical Hacker Exposes His Secrets

Nov 18, 2015 By Sharon Solomon | In an age where cybercrime is escalating exponentially, picking the right security solution has become extremely crucial. Web Application Firewalls (WAFs) are highly regarded by many leading InfoSec experts, but Pakistani ethical hacker and AppSec expert Rafay Baloch thinks otherwise. To make matters more interesting, he also has the required expertise and POCs to back up his claims.  

DevSecOps: 4 Best Practices the Pros Teach Us About Security and DevOps

Nov 13, 2015 By Sarah Vonnegut | Developers and engineers all around the world are deploying code hundreds of thousands of times a day. Hundreds of millions of lines of code are churned out on a monthly basis, and it’s only going to get faster. Yet the security industry continues to kick our feet about DevOps. But security teams can’t afford to continue the tip-toeing act we’ve been doing around DevOps. We need to find a way to better integrate our security needs within DevOps processes – and we need to do it fast. DevOps is here, and it’s up to the security team to determine how security processes and tools will fit into the mix – or risk being edged out.

40 Tips You Must Know About Secure iOS App Development

Nov 10, 2015 By Sharon Solomon | The iPhone is arguably the most desired smartphone on the planet today, thanks to its shiny metallic hardware and user-friendly iOS 9 mobile platform. Despite Google leading the numbers-game with its open-source Android mobile platform, iOS is often considered to be the safer of the two due to Apple’s stricter security policy and its willingness to sacrifice customizability for the cause. But even this platform has its fair share of vulnerabilities and potential security loopholes that need to be addressed by the developers.

13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Nov 06, 2015 By Sarah Vonnegut | Read the first post, 15 Vulnerable Sites to (Legally) Practice Your Hacking Skills, here. There’s a well-known saying that before you judge someone you should always “walk a mile in the other person’s shoes.” You can’t get the full picture behind a person without first living like they do and understanding what goes on in their heads. In organizations around the world, there’s a big push to be more “security aware,” and it’s an important part of our jobs. We’re defenders, and we have a big job to do in making sure our applications and systems are secure from any threat that might come at us. But there’s another side to being good at defending your applications and systems. Those dealing with security also need to “walk a mile in the other person’s shoes” – but in our case, it’s about understanding the attacker’s side not so we can empathize, but so we can minimize the risks posed by and to our applications.

The State of Mobile App Security

Nov 05, 2015 By Amit Ashbel | The mobile application industry is growing at an explosive pace, yet security issues of mobile applications are lagging behind. Incidents of mobile application hacking have increased exponentially as attackers and attacks have evolved, using both new and well-known methods of attack to infiltrate apps and collect as much data as possible. The impact on businesses and end-users is growing exponentially. With more than 1.5 million apps available in the two main app stores, Apple and Android, and hundreds of billions of downloads to date, the mobile landscape has quickly become the main playground for hackers and attackers.

Internet of Things (IoT) – Hack My Home

Nov 02, 2015 By Sharon Solomon | Once a luxury reserved exclusively for the uber-technical or super-rich, the Internet of Things (IoT) phenomenon is invading our private dwellings at an astonishing pace. This revolution has basically connected all commonly used home appliances to the internet. Tech giants worldwide are investing a lot of resources in creating their own Internet of Things (IoT) eco-systems. Unfortunately, a lot of this is happening in an unprotected manner, putting millions of people and homes at risk.

The Worst PhoneGap Security Issues And How To Avoid Them

Oct 23, 2015 By Sarah Vonnegut | Mobile devices have exploded in our modern world. And with the explosion have come implications. Business can be conducted anywhere now, and high-value documents and data can easily be read and shared on the go. While this may be great for productivity levels and greater flexibility, security risks only seem to increase as more cell phones and tablets hit the marketplace. The customers who use our mobile apps aren’t necessarily thinking about security as they use their phones to do any number of things – and it’s on us if our applications are hit by hackers. Each mobile operating system (OS) comes with its own security risks, and developing secure applications for different platforms, written (and secured) in the appropriate language for the platform, can get tricky.

All You Wanted To Know About Web Browser Security

Oct 21, 2015 By Sharon Solomon | The web browser has come a long way since its invention in late 1990. Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Explorer/Edge have now taken the world by storm with their evolving user-friendly features. They have boosted productivity significantly thanks to their seamless integration with leading third-party applications and plug-ins. Unfortunately, web browser security is an aspect that is overlooked more often than not.

Celebrating National Cyber Security Awareness Month

Oct 12, 2015 By Sarah Vonnegut | If you’re in need of a great excuse to strengthen – or start – an application security awareness program for your developers, this month is it. October, as you may already know, is National Cyber Security Awareness Month (NCSAM), and hundreds of security-focused organizations, including us, have come together in support of a more secure future for all. Checkmarx is excited to have partnered up with the National Cyber Security Alliance (NCSA) and the Department of Homeland Security in promoting security awareness, and this year our aim is to raise awareness for application developers. As part of our participation in this year’s Cyber Security Awareness initiative, we’ve launched a site, dedicated – in October and throughout the year – to teaching developers how to write better, more secure code.

Application Security Testing: 7 Steps to a Recipe for Success

Sep 10, 2015 By Sarah Vonnegut | Security tools are becoming more and more popular throughout the world of tech, and for security enthusiasts, that should be something to celebrate. But, in reality, we still have a long way to go when it comes to the actual use of the tools.
We’ve known for years about the major gap between security and development, and we’re getting better. But while the proliferation of the DevOps movement has made organizations realize that security is essential to agile processes, we’re still missing a piece of the puzzle. Because while the purchase of security solutions might be increasing, developer use isn’t quite on par.