Checkmarx Blog


7 Ways to Win Over Your CISO

Mar 22, 2017 By Sarah Vonnegut | Security maturity, as cliché as it sounds, is a journey, not a destination. Security is never “done”; there is always more to be done, new technologies or processes to secure, and evolving business objectives with which to align. The great part about being on the security team is that you don’t have to be the CISO, or Chief Information Security Officer, to make some real changes. If you’re a dedicated security professional, you can absolutely help guide how security is implemented in your organization, as well as how security is perceived. These activities are good not only for the company as a whole and for the security team; your good work is often reflected back on you personally and can help you in your professional journey.

The History of Application Security Testing – Part 2

Mar 16, 2017 By Sarah Vonnegut | Last week, we discussed the early history of computer security, tracing back to World War II and the “bombe”. This week, we’re looking back to the origins of the internet and how application security testing became an invaluable part of enterprise security. Here we go!

Bamboo vs Jenkins

Mar 12, 2017 By Paul Curran | The adoption of DevOps increased from 66 percent in 2015 to 74 percent in 2016, and the trend shows no sign of slowing down in 2017. As more enterprises expand their teams working on continuous integration (CI), deployment, and delivery, there is an increasing demand to find the best solution to fit their deployment needs. Read on to understand the benefits of Bamboo and Jenkins, two of the leading platforms for CI deployment and delivery, as well as the options available for implementing security through static code analysis in both of these solutions.

What You Need to Know: Julian Assange & WikiLeaks [INFOGRAPHIC]

Mar 09, 2017 By Paul Curran | Julian Assange is an Australian activist, computer programmer, and hacker who, in December 2006, founded WikiLeaks. His goal was to provide a platform where classified and sensitive documents can be posted anonymously. Since its start, WikiLeaks has drawn a lot of attention following some major information exposed on the site; however, the first major leak resulting in legal charges (against WikiLeaks) was the exposure of Swiss Bank and Julius Baer for involvement in money laundering.

February 2017: Top Hacks and Breaches [INFOGRAPHIC]

Mar 05, 2017 By Arden Rubens | February may be the shortest month, but there definitely was no shortage of hacks and breaches. The month started with an anonymous hacker single-handedly taking down an entire dark web hosting service with more than 10K Tor-based .onion sites. Then, on February 10th, a security flaw found in WordPress allowed hackers to attack and deface an estimated 1.5M pages. Later in February, hackers (masked as “Pro_Mast3r”) defaced one of the Trump Administration’s official fundraising websites in a subdomain takeover. On February 28th, data from connected CloudPets teddy bears was leaked after the database was found unsecured. Over 800K users were found in the database, which also contained recorded kids’ voice messages.

Key Takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security

Mar 01, 2017 By Arden Rubens | Today, organizations are developing and releasing mobile and Internet of Things (IoT) devices and apps at a rapid speed. According to recent research, it is estimated that around 50B IoT devices will be connected to the Internet by 2020, while 2017 started with a record 2.2M downloadable apps in the App Store. Every year, Ponemon Institute releases a study on Mobile and Internet of Things Application Security focusing on understanding how organizations are lowering the risks in mobile and IoT apps in the workplace. Based on this study, while the worry about and understanding of mobile and IoT application security threats is increasing, there is a severe lack of urgency in addressing issues, and proper application security testing is occurring during later stages in an app’s SDLC. Continue reading for a full list of key takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security.

The History of Application Security Testing – Part 1

Feb 27, 2017 By Sarah Vonnegut | Information Security is an ancient field, with its earliest recorded origins pointing to Julius Caesar himself. Keeping sensitive information secure is obviously nothing new, but the techniques used continue to get overhauls every few years as our world and technology continue to innovate. Web Application Security is of course only as “old” as web apps themselves. But reading the history of Information Security and Web Application Security Testing is not only fascinating; it can also be massively helpful in creating a more secure future. So, without further ado, read on for a brief history of security in general and application security testing in particular.

DevOps and Security Experts You Should Be Following on Twitter in 2017

Feb 23, 2017 By Arden Rubens | Twitter is an amazing wealth of ideas, opinions, and other resources. But with well over 300M users active on a monthly basis, Twitter can also be hard to navigate. There are so many people to follow and so little time to find the right ones. When it comes to DevOps and Security, there are lots of great thinkers on the front lines of the union, and luckily for us, many are on Twitter. Whether you’re just starting out or are looking for new ways to integrate security within DevOps (and vice versa), Twitter is a great place to seek out info and be a part of the discussions.

Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site

Feb 22, 2017 By Paul Curran | The 2016 American elections were overshadowed by cybersecurity concerns, accusations and, in some cases, actual attacks. After an election season full of the current U.S. president accusing his opponent of “treasonously” weak cybersecurity, one of his own domains, associated with his fundraising efforts, has been hacked and defaced by way of a subdomain takeover. On February 20th, hackers acting under the pseudonym “Pro_Mast3r” defaced one of Donald Trump’s official websites, which is used for fundraising. Checkmarx’s Security Research Team wrote a detailed brief which explains the vulnerability that the malicious party used, an example via proof of concept, as well as tools which can be used to prevent such attacks in the future.
