Checkmarx Blog

The History of Application Security Testing – Part 1

Feb 27, 2017 By Sarah Vonnegut | Information Security is an ancient field, with its earliest recorded origins pointing to Julius Caesar himself. Keeping sensitive information secure is obviously nothing new, but the techniques used get overhauled every few years as our world and technology continue to innovate. Web Application Security is of course only as "old" as web apps themselves. But reading the history of Information Security and Web Application Security Testing is not only fascinating; it can also be massively helpful in creating a more secure future. So, without further ado, read on for a brief history of security in general and application security testing in particular.
DevOps and Security Experts You Should Be Following on Twitter in 2017

Feb 23, 2017 By Arden Rubens | Twitter is an amazing wealth of ideas, opinions, and other resources. But with well over 300 million users active on a monthly basis, Twitter can also be hard to navigate. There are so many people to follow and so little time to find the right ones. When it comes to DevOps and Security, there are lots of great thinkers on the front lines of the union, and luckily for us, many are on Twitter. Whether you're just starting out or are looking for new ways to integrate security within DevOps (and vice versa), Twitter is a great place to seek out info and be a part of the discussions.
Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site

Feb 22, 2017 By Paul Curran | The 2016 American elections were overshadowed by cybersecurity concerns, accusations and, in some cases, actual attacks. After an election season full of the current U.S. president accusing his opponent of "treasonously" weak cybersecurity, one of his own domains, associated with his fundraising efforts, has been hacked and defaced by way of a subdomain takeover. On February 20th, hackers acting under the pseudonym "Pro_Mast3r" defaced one of Donald Trump's official websites, which is used for fundraising. Checkmarx's Security Research Team wrote a detailed brief which explains the vulnerability that the malicious party used, an example via proof of concept, as well as tools which can be used to prevent such attacks in the future.
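The precondition for a subdomain takeover is a CNAME record that still points at a provider-hosted name nobody controls any more: the victim's DNS keeps delegating the subdomain, and whoever registers that target at the provider serves content under it. The check below is an added example, not the Checkmarx research brief or its tooling; the zone records and the set of names that "still resolve" are constructed for the example, and the optional live lookup only uses the standard-library resolver.

```python
"""Flag CNAME records whose target no longer resolves (subdomain takeover candidates).

Added example: the zone data and resolvable-name set below are constructed,
not real records. The default resolver performs a live DNS lookup via the
standard library; pass your own `resolves` callable to run offline.
"""
import socket
from typing import Callable, List, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, target)

# Constructed sample zone for example.com (hypothetical names).
SAMPLE_ZONE: List[Record] = [
    ("www.example.com", "A", "203.0.113.10"),
    # Points at a provider-hosted app name that was decommissioned: dangling.
    ("donate.example.com", "CNAME", "app-1234.hosting-provider.example"),
    # Points at a name under a TLD that will never resolve: dangling.
    ("blog.example.com", "CNAME", "example.ghost.invalid"),
    # Points at a name the organisation still controls: safe.
    ("shop.example.com", "CNAME", "www.example.com"),
    ("mail.example.com", "MX", "mx1.example.com"),
]

# Constructed view of which names currently resolve in public DNS.
SAMPLE_RESOLVABLE = {"www.example.com", "mx1.example.com"}


def default_resolves(name: str) -> bool:
    """Live check: True if the name resolves to an address, False on NXDOMAIN/failure."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def find_dangling_cnames(
    zone: List[Record],
    resolves: Callable[[str], bool] = default_resolves,
) -> List[Tuple[str, str]]:
    """Return (subdomain, target) pairs for CNAMEs whose target does not resolve.

    Only CNAME records are candidates: an A record that points at a stale IP
    is a different (and usually harder to exploit) problem, and is ignored here.
    A non-resolving CNAME target means the name at the provider has been
    released, which is exactly what an attacker needs to claim it.
    """
    dangling: List[Tuple[str, str]] = []
    for owner, rtype, target in zone:
        if rtype.upper() != "CNAME":
            continue
        if not resolves(target):
            dangling.append((owner, target))
    return dangling


if __name__ == "__main__":
    # Offline run against the constructed zone; swap in default_resolves for live DNS.
    for owner, target in find_dangling_cnames(SAMPLE_ZONE, lambda n: n in SAMPLE_RESOLVABLE):
        print(f"DANGLING: {owner} -> {target} (remove the record or reclaim the target)")
```

The remediation the result points at is the same in every case: delete the CNAME when the hosted resource is retired, before the provider name is released, or reclaim the target yourself. Running the check on a schedule over exported zone files catches records that outlive the service they were created for.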
3 Need-to-Know Security Terms for 2017: DevOps, “Shifting Left” and Ransomware

Feb 15, 2017 By Arden Rubens | As organizations of all sizes and verticals prepare for whatever malicious cyber criminals have in store for them in the upcoming fiscal quarters, we wanted to focus on three need-to-know terms that all security professionals should be aware of, and familiar with, in 2017. Today, organizations need to increase the speed and quantity of their releases, which has led to an industry shift from waterfall to agile software development. Out of this shift in methodology, DevOps was born.
Cyber Threats Facing APAC – Applications

Feb 13, 2017 By Arden Rubens | New and improved fast-paced technologies are offering us exciting ways to live, are helping us at work, and continue pushing the boundaries of innovation and efficiency. However, along with all of the good comes the bad: raised risk and exposure to security threats. In part one and part two of our three-part series on cyber threats facing the Asia Pacific (APAC) region, we established that APAC has the worst record in terms of cyber security, with its countries among the most vulnerable in the world and the discovery of breaches taking over three times longer than the global average.
Speed up and Save: The ROI of Shifting Security Left [VIDEO]

Feb 09, 2017 By Paul Curran | A key differentiator between application security testing (AST) solutions is the ROI that each method brings to the organization. How much time can be saved? How much money can your organization save during remediation? When vulnerabilities make it past the development stage and into production, how many different departments need to be involved in remediation efforts? These are all questions that need to be considered when deciding which security solution brings the most value to your organization. AST ROI can be measured in terms of the cost of company resources: the dollars, personnel and time needed to remediate detected vulnerabilities.
January 2017: Top Hacks and Breaches [INFOGRAPHIC]

Feb 08, 2017 By Arden Rubens | The new year started with a whole new collection of hacks and security breaches. On the 4th of January, the hacker known as CyberZeist claimed to have hacked the FBI's website and backed the claim by leaking personal account information of several FBI agents. The hack happened through exploitation of a zero-day vulnerability in the Plone CMS, according to a report by Hacker News. Plone has since denied that there was a zero-day vulnerability, yet released a security update on the 17th of January to "patch various vulnerabilities".
A First Timer’s Guide to the RSA USA Conference: 2017 Edition

Feb 07, 2017 By Sarah Vonnegut | Each February, the security world comes together in the techiest city in the world for a packed week of seminars, keynotes, checking out the latest and greatest security technologies, and of course, lots of parties. If you've never been to the RSA Conference and are planning on going in just a few short weeks, you're in for a wild ride!
DevOps & The Secure SDLC: Breaking Down Barriers with DevSecOps

Feb 02, 2017 By Sarah Vonnegut | The adoption of DevOps in enterprises around the world has given a whole new meaning to constant, rapid innovation and delivery. Iteration after iteration, DevOps is designed to improve the end product endlessly, pushing the limits of speed and collaboration.
Cybersecurity in 2017: Interview with OWASP Author Jim Manico

Jan 29, 2017 By Paul Curran | As the software world still reels from the major hacks and breaches that occurred, and surfaced, in 2016, it's critical that organizations ensure that their code security gets the attention it deserves in 2017 and beyond. In order to gain some quick insight into the application security landscape for 2017, we conducted a short interview with Jim Manico.