Checkmarx Blog

OSI Model

Application Layer Security Within the OSI Model

Feb 04, 2016 By Sharon Solomon | With more and more high-profile hackings taking place in recent years, application security has become the call of the hour. But while the awareness is on the rise, not all security officers and developers know what exactly needs to be secured. One aspect that is often overlooked during development is application layer security. The following article will delve into this very aspect and show how crucial it is to protect applications inside-out.
Read More »

Israeli IT Prodigies Visit Checkmarx HQ

Jan 27, 2016 By Sharon Solomon | Checkmarx is continuing its tradition of hosting the brightest programming and computing minds from Israel’s leading academic institutions. This year it was a group of young kids who are currently honing their skills at the Tel Aviv University (TAU). They are a part of a special program that will enable them to complete their college degree by the age of 18. Here are a few highlights from their visit at the Checkmarx headquarters in Tel Aviv.
Read More »
Ultimate Guide to CSRF

The Ultimate Guide to Understanding & Preventing CSRF

Jan 22, 2016 By Sarah Vonnegut | We hear about SQL injection and Cross-Site Scripting constantly – but there are eight other high-risk vulnerabilities we need to be aware of, just in the OWASP Top Ten. One of those eight is yet another one to keep your eyes out for: Cross-Site Request Forgery, normally shortened as CSRF or XSRF.     CSRF is widespread in today’s web apps, OWASP says, and can cause some major damage when exposed in an app that deals with money or data. Just how much damage? The most powerful CSRF attack is most likely this attack discovered against uTorrent in 2008, which would have given an attacker complete control over a victim’s system using a record three CSRF attacks in a row. And while most CSRF attacks aren’t as damaging as that one, they can do damage, given an opportunity in a data-rich web application.  
Read More »
Smart City

Internet of Things (IoT) – Hack My Smart City

Jan 21, 2016 By Sharon Solomon | The modern metropolitan is becoming more and more computerized. Mega computers are running the show in more ways that can be comprehended – traffic signals, electricity networks, water supply pipes, public transport services and other civil utilities. While the Smart City concept is improving the standards of urban services, how safe really is it for us? How can these automated systems stay safe from hackers and cyberattacks?
Read More »
Online Banking Security

All You Wanted To Know About Online Banking Security

Jan 17, 2016 By Sharon Solomon | Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what role do application developers play in providing online banking security? Let’s take a closer look.
Read More »
Security Experts

Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Jan 15, 2016 By Sarah Vonnegut | Each year opens a new Pandora’s Box for the security industry, with a slew of never-before-seen evil wonders that can throw anyone not prepared for a loop. That’s why risk management is so critical in our field – since we can’t know what’s to come, we need to prepare as best we can before that worst-case scenario happens. If you’re not a security expert, though, it can be difficult to figure out where to spend your energy over the year in terms of securing your organization. 
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.  
Read More »
eBay XSS Vulnerability

What You Need To Know – Millions of eBay Users Exposed

Jan 14, 2016 By Sharon Solomon | Online e-commerce has become the rage. Millions of people worldwide are doing their shopping on the various online platforms. But even enormous e-commerce platforms like eBay are not immune to cybercrime, as security researcher MLT demonstrated recently. The culprit this time was Cross Site Scripting (XSS), a common application layer vulnerability that obviously was not detected/remediated during development.
Read More »
Agile Software Development

5 Benefits of Automated Security in Agile Software Development

Jan 06, 2016 By Sharon Solomon | The IT industry is constantly evolving, with more and more organizations ditching the old Sequential Design Process (Waterfall). Agile Software Development (ASD), an iterative methodology based on collaboration between various cross-functional and self-organizing teams, is becoming the go-to tactic for many organizations across the globe. But Agile software development also requires proper security implementation for optimal results. What is the best application security strategy for this popular methodology? Lets find out.
Read More »
Most Popular Posts Checkmarx Blog

The 10 Most Popular Posts of 2015

Jan 01, 2016 By Sarah Vonnegut | As we say goodbye to 2015 and begin the new year, we’d like to take a moment to reflect on the great year we had on the Checkmarx blog. We’ve covered a huge array of topics, from interviews with ethical hackers to discussions on the importance of integrating security and DevOps, and it’s that variety that shows through in our most popular posts of 2015.   In the new year, we promise to continue writing articles and guides that will help both security professionals and those wanting to learn more about security progress in their AppSec journeys.   For now, these are the ten most popular posts from the Checkmarx blog in 2015 – enjoy!  
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.