Checkmarx Blog

secure coding practices

7 Point Plan for Sustainable Secure Coding Practices

Oct 13, 2016 By Paul Curran | Gartner estimates that through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Month after month, major organizations face major hacks and breaches which often involve security vulnerabilities that are well known to security professionals. From SQL injections to weak encryption, the astronomical costs associated with exploits which can, and should be, remediated prior to production, should make organizations constantly reconsider, revisit and revise their software development lifecycle and strive towards creating a secure software development lifecycle (sSDLC). Read these tips for sustainable and secure coding practices and be sure to add your own in the comment section below!
Read More »
open source security with Rami Sass

Managing Open Source Security – Interview with Rami Sass

Oct 10, 2016 By Paul Curran | The second in our series of our 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Rami Sass, co-founder and CEO at WhiteSource, the solution that helps engineering executives all over the world to effortlessly manage the use of open source components in their software.
Read More »
AppSec 2016 Playbook: A Beginner’s Guide to Secure Development

AppSec 2016 Playbook: A Beginner’s Guide to Secure Development

Oct 05, 2016 By Paul Curran | As a part of our ongoing initiative to help “Developers Vote Security” for 2016’s National Cyber Security Awareness Month, Checkmarx has published our Application Security Guide for Beginners as a detailed and concise resource that covers the key concepts and top keywords in the field of application security. From what is needed to create a secure software development lifecycle (SDLC) to the top threats facing applications and their consequences, this quick playbook covers it all when it comes to secure coding practices. This guide to secure development is divided into four categories: Code Development Methodologies, Code, Application Security Solutions and Common threats and their impacts.
Read More »
How to Accelerate Application Security: Interview with Dan Cornell, Denim Group CTO

2016 Cybersecurity Awareness Month: How to Accelerate Application Security – Interview with Dan Cornell

Sep 29, 2016 By Paul Curran | This October 2016, Checkmarx is celebrating National Cybersecurity Awareness Month (NCSAM) with content focused on educating and empowering developers about secure coding practices under the slogan “Developers Vote Security.”   As more and more organizations across all verticals speed up their development and adopt DevOps, the responsibility of security is increasingly falling into the hands of the developers during the development stages of the SDLC as the windows for security testing in the later stages continue to shrink.
Read More »
securing the online financial sector with source code analysis feature image

Securing the Online Financial Sector with Source Code Analysis

Sep 21, 2016 By Paul Curran | The financial sector is under constant attack by cyber criminals. In fact, banks are attacked four times more than other industries. Large bank hacks and exploits continually made headlines over 2015 and that trend continues as we progress into Q4 of 2016. What are the major cyber threats facing organizations in the financial and banking sectors, what steps can these organizations take in order to secure their code and what role can source code analysis play in securing banking applications against attackers?
Read More »
cms security tips - feature graphic

Is Your Site Secure? CMS Security Tips from a Canadian Forum Hack

Sep 19, 2016 By Paul Curran | In June 2016, news of a massive hack on the Canada-based forum hosting company VerticalScope spread swiftly around various security blogs and tech news websites. In this attack, hackers were able to steal and leak 45 million records from over 1,000 forums and websites that were included in the VerticalScope network. Amongst their biggest websites, were Motorcycle.com, Boat.com, Mothering.com and more. Read on to find out how the attackers were able to gain access to their database and content management system (CMS) and discover how you can keep your CMS secure.
Read More »
APEX CODING LANGUAGE

ABC’s of Salesforce’s Apex Coding Language [Infographic]

Sep 14, 2016 By Paul Curran | With Salesforce’s giant annual conference, Dreamforce, fast approaching in early October, now’s the time to brush up on their proprietary programming language, Apex. As a strongly typed, object-oriented programming language, Apex allows developers to execute flow and transaction control statements on the Force.com platform server while performing calls to the Force.com API.
Read More »
1

August 2016 Hacks: 8 of the Largest Hacks, Breaches and Cyber Incidents

Sep 11, 2016 By Paul Curran | Summer 2016 has been a hot one for hackers, and August continued the trend of persistent attacks and breaches seen in June and July. This August, American institutions across all levels were hit particularly hard as the Democratic Party was hacked again by Guccifer 2.0, the National Security Agency had one of their sophisticated cyber weapons stolen and put up for auction and the FBI warned that the Board of Elections in two separate states had been targetted by possibly foreign hackers.   August 2016 hacks were unusual, such the release of patients’ urology information in Ohio, and alarming as seen in the theft of over $80 million dollars from the Bangladesh Bank over the long weekend. Read on to discover more of the cyber threats that targetted governments, citizens and financial institutions around the world in August 2016. 
Read More »
2016 us election hacks

2016 US Election Hacks in Arizona and Illinois Brief [INFOGRAPHIC]

Sep 08, 2016 By Paul Curran | In late August 2016, news broke that the FBI was investigating two hacks against the Board of Elections in Illinois and Arizona. With the fervor of the 2016 US elections reaching a tipping point as November nears, the possibility of a hack has raised serious concerns by both voters and voting officials especially as the electoral system becomes increasingly reliant on technology. While the numbers affected by these hacks are significantly smaller than other major hacks and breaches in 2016, the fact that there could be foreign meddling in either the elections process or voter data is a serious cause for alarm. Read our infographic to find out more about these 2016 US election hacks, the victims and the perpetrators.
Read More »
software security in 2016

Why in 2016 Software Security is as Big of a Deal as Ever

Sep 06, 2016 By Kevin Beaver | Year after year, new studies come out from popular vendors and research institutions underscoring that we have quite a ways to go with this thing we call security. Outside of the malware threat that grows a bit more complicated each year, the studies show that we continue to miss the bar in terms of protecting critical systems and sensitive information assets. In a nutshell, we’re missing the basics. That is, the flaws that we already know about and we have solutions for but haven’t yet found the time or political backing to resolve. Read why in 2016 software security, even basic application security, is still as important as ever.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.