Checkmarx Blog


Verizon 2016 Data Breach Investigation Report – Takeaways

Jun 09, 2016 By Paul Curran | For the ninth consecutive year, Verizon has published its annual Data Breach Investigations Report (DBIR). Read on to find out Checkmarx’s key takeaways from the Verizon 2016 Data Breach Investigations Report.
The 2016 Data Breach Investigations Report is based on a final dataset of 62,199 security incidents and 2,260 data breaches. These incidents affect organizations in more than 82 countries and the victims are organizations varying in both industry and size.

Cyber Crime Statistics Infographic

May 25, 2016 By Paul Curran | How much are cyber attacks costing organizations across the world? Which breaches are the most costly to fix and how prepared are these organizations? Find out in our cyber crime statistics infographic below.

Great Ways to Get Management on Your Side with Application Security

May 23, 2016 By Kevin Beaver | When it comes to application security, I’ve yet to meet an IT or security professional who hasn’t struggled with getting – and keeping – management on board. The challenges of executive support for security initiatives know no boundaries. Getting management on your side with application security can be a constant battle. What can you do about it?

Do Developers at Facebook use PHP Static Analysis Tools?

May 19, 2016 By Paul Curran | Since Facebook's humble beginnings, PHP and Facebook have had an interesting relationship. PHP was at the heart of Facebook's code, and in many ways it still is, but do developers at Facebook use PHP static analysis tools?

Source Code versus Bytecode Analysis

May 11, 2016 By Paul Curran | In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis.
While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes to gauging inherent software risk, which method will expose more vulnerabilities? Which method should your organization be using?

What Type of Hacker Are You?

May 10, 2016 By Sarah Vonnegut | While movies and TV shows have turned the term ‘hacker’ into variations of awful stereotypes, all sorts of hackers, good and bad, exist in the world. Maybe you’re one of them – or perhaps you wish you were. Want to know what type of hacker you’d be if you were? Take the quiz and find out!

OpenSSL Vulnerabilities: Takeaways from the Latest Patch

May 06, 2016 By Sarah Vonnegut | The OpenSSL project this week released a series of patches for six recently discovered vulnerabilities, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was inadvertently introduced as part of the fix for the Lucky 13 flaw that was discovered in 2013.

Why SAST is Essential for a Security Vulnerability Assessment

May 05, 2016 By Sarah Vonnegut | Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.
And while it’s true that some organizations are better at this than others (or sometimes just luckier), the fact remains that nobody needs to be reminded that security vulnerability assessments are worthwhile.

Cyber Terrorism – How Real is the Threat?

May 04, 2016 By Paul Curran | As our dependency on the internet increases from our phones to our streets, hospitals and cities, so do the threats posed by cyber terrorism. “Cyber terrorism” is a contested term that can erroneously include acts of “hacktivism” and internet vandalism which do not directly threaten the lives and livelihoods of their victims. The potential threats posed by cyber terrorism are daunting, but are they really within the reach of cyber terrorists?
