Checkmarx Blog


Secure Software Development Tips – Interview with Josh Feinblum

Oct 25, 2016 By Paul Curran | The fourth, and final, interview in our 2016 National Cyber Security Awareness Month series is with Josh Feinblum, the VP of Information Security at Rapid7. In this series, we have gotten tips for accelerating application security with Dan Cornell of the Denim Group, received insights about managing open source security with Rami Sass of WhiteSource and learned about the importance of security awareness training with Checkmarx’s own founder and CTO Maty Siman.

7 Secure Cyber Security Interview Questions (and Answers)

Oct 19, 2016 By Kevin Beaver | The dreaded job interview. From small talk to tough questions – it’s the true testing time for the interviewee. But if you’re the interviewer, control – and advantage – is on your side. When interviewing candidates for job positions that involve secure coding, i.e. development, QA, or related information security roles, what should you ask? Do you stick it to them with super-technical questions and allow them to show off their technical prowess or do you throw them some seemingly softball-type questions that, in the end, better showcase how they think, their personalities, and business skills? Read these 7 secure coding job interview questions below to find out. 

The Importance of Application Security Awareness Training – Interview with Maty Siman

Oct 18, 2016 By Paul Curran | The third in our series of 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Maty Siman, founder and CTO here at Checkmarx. 
Maty is passionate about secure programming and moving secure development education and awareness away from the “back seat” that security has traditionally taken for programmers. Read Maty’s advice for organizations who want to scale their security in 2017 as well as his recommendation for application security awareness training in the interview below.

7 Point Plan for Sustainable Secure Coding Practices

Oct 13, 2016 By Paul Curran | Gartner estimates that through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Month after month, major organizations face major hacks and breaches which often involve security vulnerabilities that are well known to security professionals. From SQL injections to weak encryption, the astronomical costs associated with exploits that can, and should, be remediated prior to production should make organizations constantly reconsider, revisit and revise their software development lifecycle and strive toward creating a secure software development lifecycle (sSDLC). Read these tips for sustainable and secure coding practices and be sure to add your own in the comment section below!

Managing Open Source Security – Interview with Rami Sass

Oct 10, 2016 By Paul Curran | The second in our series of our 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Rami Sass, co-founder and CEO at WhiteSource, the solution that helps engineering executives all over the world to effortlessly manage the use of open source components in their software.

AppSec 2016 Playbook: A Beginner’s Guide to Secure Development

Oct 05, 2016 By Paul Curran | As a part of our ongoing initiative to help “Developers Vote Security” for 2016’s National Cyber Security Awareness Month, Checkmarx has published our Application Security Guide for Beginners as a detailed and concise resource that covers the key concepts and top keywords in the field of application security. From what is needed to create a secure software development lifecycle (SDLC) to the top threats facing applications and their consequences, this quick playbook covers it all when it comes to secure coding practices. This guide to secure development is divided into four categories: Code Development Methodologies, Code, Application Security Solutions and Common threats and their impacts.

2016 Cybersecurity Awareness Month: How to Accelerate Application Security – Interview with Dan Cornell

Sep 29, 2016 By Paul Curran | This October 2016, Checkmarx is celebrating National Cybersecurity Awareness Month (NCSAM) with content focused on educating and empowering developers about secure coding practices under the slogan “Developers Vote Security.” As more and more organizations across all verticals speed up their development and adopt DevOps, the responsibility of security is increasingly falling into the hands of the developers during the development stages of the SDLC as the windows for security testing in the later stages continue to shrink.

Securing the Online Financial Sector with Source Code Analysis

Sep 21, 2016 By Paul Curran | The financial sector is under constant attack by cyber criminals. In fact, banks are attacked four times more than other industries. Large bank hacks and exploits continually made headlines over 2015 and that trend continues as we progress into Q4 of 2016. What are the major cyber threats facing organizations in the financial and banking sectors, what steps can these organizations take in order to secure their code and what role can source code analysis play in securing banking applications against attackers?

Is Your Site Secure? CMS Security Tips from a Canadian Forum Hack

Sep 19, 2016 By Paul Curran | In June 2016, news of a massive hack on the Canada-based forum hosting company VerticalScope spread swiftly around various security blogs and tech news websites. In this attack, hackers were able to steal and leak 45 million records from over 1,000 forums and websites that were included in the VerticalScope network. Amongst their biggest websites, were,, and more. Read on to find out how the attackers were able to gain access to their database and content management system (CMS) and discover how you can keep your CMS secure.

ABC’s of Salesforce’s Apex Coding Language [Infographic]

Sep 14, 2016 By Paul Curran | With Salesforce’s giant annual conference, Dreamforce, fast approaching in early October, now’s the time to brush up on their proprietary programming language, Apex. As a strongly typed, object-oriented programming language, Apex allows developers to execute flow and transaction control statements on the platform server while performing calls to the API.
