Checkmarx Blog

Why Security and DevOps Desperately Need Couples Counseling

While at the 2018 Black Hat Conference in Las Vegas I asked attendees point blank if they think that security and DevOps should be in couples counseling. The universal response was a laugh and then a resounding, “Yes.” The reason couples go to counseling is because they’re not getting along. They’re not communicating. Usually, only the

Read More ›

Checkmarx Report: Tackling Software Exposure in the DevOps Cycle

Today, in an effort to better understand the evolving nature of software delivery and the role security plays, we released a new report, “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle,”which we commissioned with FreeForm Dynamics in coordination with The Register. The report aggregates input from 183 respondents worldwide, the majority

Read More ›

20 Ways to Make Application Security Move at the Speed of DevOps

Security has been getting a bad rap. For far too long the perceived “inhibitors” have been sidestepped by DevOps in an effort to increase productivity. As Ryan Davidsen, vp, worldwide security solutions, Secureworks, noted, “Traditional approaches for integrating security oversight with application development aren’t keeping pace with the speed required by today’s DevOps teams.” But

Read More ›

Introducing the Checkmarx Certified Engineer Program (CxCE)

If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx

Read More ›

ReDoS in Go

Go Programming Language (also known as Golang) is an open source programming language created by Google. Go is compiled, is statically typed as in C (with garbage collection), with limited structural typing, memory safety features and CSP-style concurrent features.   In this blog post, we will recap Go’s security posture facing Regular Expression Denial of

Read More ›

Eavesdropping with Amazon Alexa

If you’re using an Amazon Echo, your life is undoubtedly made easier. Instead of searching on your phone the “old fashioned” way, you can simply ask Alexa what the weather is like, to play your favorite song, or to dim the lights. For the Echo, similar to the Google Home with voice assistant, listening is

Read More ›

Decrypting JobCrypter

Ransomware has been a growing issue for some time now. It has evolved into a big business, moving millions of dollars yearly from victims’ pockets into those of attackers. The modus operandi of ransomware authors is to infect your machine through any vector (phishing, drive-by browser exploits, waterholing, etc.) and then proceed to encrypt your important files.

Read More ›

How Secure is Your Online Banking App?

Banking has gone digital. Nearly every major bank offers both an online portal as well as a mobile app, and people seem to prefer it that way. A recent PwC survey found that 46% of consumers only use online banking, a massive jump from their previous survey in 2012, in which only 27% used online

Read More ›

The History of JavaScript [INFOGRAPHIC]

JavaScript was created by Brendan Eich, a Netscape Communications Corporation programmer, in September 1995. It took Eich only 10 days to develop the scripting language which was then known as Mocha.  

Read More ›

Jump to Category