Checkmarx Blog

RSA Conference 2016: AppSec Track Impressions

2 weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought-leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get the developers engaged with the security process.

Read More ›

When Booking Your Flight Becomes Dangerous

Flying is a pain. Booking flights can be just as annoying. But, as one of Checkmarx’s own recently discovered, booking your flight can also be dangerous. David Sopas, a Portuguese security researcher at Checkmarx who hunts bug on the side, found a common, highly disruptive security vulnerability on one of the largest airlines in the

Read More ›

Understanding Application Security Vulnerabilities: Part One

As hackers start attacking our applications more and more, it is imperative that organizations begin treating security testing with the same enthusiasm they give to quality testing. Just like if there are major functionality issues or a feature isn’t working the product doesn’t ship – the same attitude needs to go for deploying  with major

Read More ›

Static Code Analysis Tools – The AppSec Checklist

You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to

Read More ›

Security Testing in the SDLC: A Beginner’s Guide

As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers with all stages of security knowhow are being hired, and right beside giving developers a thorough education in secure coding is ensuring the

Read More ›

Software Security Assurance: 4 Secrets to Unleashing the Power of Your Program

The software and web applications we design, develop and deploy in our organizations are a major resource in and of themselves, without even considering the critical data they may hold. Building secure software should be an essential part of any organization, and yet software security assurance still lags depressingly behind quality assurance in the vast

Read More ›

HTML5 Security

All You Wanted To Know About HTML5 Security

With Google officially dropping Flash ad support in favor of HTML5, the security aspect of this relatively young programming and scripting language has become extremely crucial. Being a web-based application always invites cybercrime, which means that code integrity is very important. The following article will lay down the most important Application Program Interface (API) coding

Read More ›

The Cybersecurity Organizations & Resources You Need to Know

No matter where you are on your journey in security, there is always room to keep learning. Especially in the security industry, it’s important to aim for a deep understanding of software and how applications interact on the web. In such a dynamic field, there’s no doubt the learning will never end.   Luckily for

Read More ›

Secure Code Review

5 Best Practices for the Perfect Secure Code Review

You’ve worked hard to ensure that security tools and processes are integrated throughout development, and an application or update is days or possibly just hours away from release. Your app is ready to go, right? Wrong! You’ve got one more step in the security process before you can give the green light where security is concerned:

Read More ›

OSI Model

Application Layer Security Within the OSI Model

With more and more high-profile hackings taking place in recent years, application security has become the call of the hour. But while the awareness is on the rise, not all security officers and developers know what exactly needs to be secured. One aspect that is often overlooked during development is application layer security. The following

Read More ›

Jump to Category