Checkmarx Blog


The Only Way to Build Effective and Secure JavaScript Applications

Jul 20, 2016 By Paul Curran | JavaScript is everywhere. It runs on your smartphone, personal computer and even on your server. That much power comes with a lot of responsibility. Keeping JavaScript code clean and secure is the only responsible way to write JavaScript.
Given the vast proliferation of JavaScript, there is a myriad of ways to write poor code as everyday hackers target popular languages and come up with innovative exploits. This leaves an interpreted language such as JavaScript vulnerable unless you take the proper defensive measures.
Let’s examine the ways you can write clean and secure JavaScript.

Malicious Mobile Apps and Pokemon GO Hacks: A Brief History + Infographic

Jul 18, 2016 By Sarah Vonnegut | The Pokemon GO craze has blown up since it was released on July 6th, with the number of daily users topping Tinder, Snapchat, Instagram and Facebook. Video after video depicts people you never thought would be into Pokemon roaming around public parks and stores with their phone in their hand, on the hunt for Jigglypuffs and Pikachus.  

The Biggest Breaches and Hacks of June 2016 Infographic

Jul 07, 2016 By Paul Curran | Each month, we hear about a whole new cascade of security breaches that each bring to mind the saying that the definition of insanity is doing the same thing over and over and expecting different results. June was no different. Starting the month off was a massive MySpace hack that could end up being the biggest breach of all time with over 360 million usernames and passwords stolen. Mid-month we learned of a possible Wendy’s POS breach and of a rogue T-Mobile employee trying to pilfer customer data on the dark web. And just last week, the Quora account of Google CEO Sundar Pichai was hacked.

4 Keys To Integrating Security into DevOps

Jul 01, 2016 By Sarah Vonnegut | Faster, predictable releases, lower development costs, and a market constantly demanding new features and products have made the ecosystem ripe for the emergence of a new way of developing software. The development world responded to those demands, bringing the DevOps movement from unknown into the mainstream. Multiple releases a day would have been unheard of 10 to 15 years ago. Today it’s the norm.

What is Static Code Review?

Jun 30, 2016 By Paul Curran | Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analysis and code review.
These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits but also fits the requirements set forth by the organization or their customers.

Top JavaScript Frameworks for Web Applications

Jun 27, 2016 By Paul Curran | JavaScript is the language behind nearly 90% of all websites today, but what are the top JavaScript frameworks for web applications? Since first launching back in September 1995, JavaScript continues to dominate as the most popular programming language in the world.

The Importance of Database Security and Integrity

Jun 24, 2016 By Sarah Vonnegut | Databases often hold the backbone of an organization. Its transactions, customers, employee info, financial data for both the company and its customers, and much more are all held in databases, often left to the power of a database administrator with no security training. Database security and integrity are essential aspects of an organization’s security posture. Yet where data used to be secured in fire-proof, ax-proof, well-locked filing cabinets, databases offer just a few more risks, and due to their size nowadays, database security issues include a bigger attack surface to a larger number of potentially dangerous users.

OWASP Mobile Top Ten: Avoiding The Most Common Mobile Vulnerabilities

Jun 10, 2016 By Sarah Vonnegut | Another week, another mobile app fiasco. This time around, we learned how an IoT connected car can be controlled through the WiFi installed in the car, enabling Mitsubishi Outlander car owners – as well as attackers – to wirelessly connect to the car’s console, allowing them to do things like turn off the car alarm and mess with the car’s system.
Even tech giants as big as Apple have struggled with mobile app insecurity issues. Last September, the App Store was hit with its own security scandal when Chinese developers used unofficial versions of Apple’s developer toolkit. That move invited malware into apps that somehow passed through Apple’s security standards and were made available to the masses.
Technology is moving fast – perhaps a bit too fast, if we’re factoring in the ability of organizations to implement high security standards throughout the ranks. But slowing down is not a possibility – security cannot afford to lag behind.

Verizon 2016 Data Breach Investigation Report – Takeaways

Jun 09, 2016 By Paul Curran | For the ninth consecutive year, Verizon has published its annual Data Breach Investigations Report (DBIR). Read on to find out Checkmarx’s key takeaways from the Verizon 2016 Data Breach Investigations Report.
The 2016 Data Breach Investigations Report is based on a final dataset of 62,199 security incidents and 2,260 data breaches. These incidents affect organizations in more than 82 countries and the victims are organizations varying in both industry and size.
