Checkmarx Blog

Security Experts

Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Jan 15, 2016 By Sarah Vonnegut | Each year opens a new Pandora’s Box for the security industry, with a slew of never-before-seen evil wonders that can throw anyone not prepared for a loop. That’s why risk management is so critical in our field – since we can’t know what’s to come, we need to prepare as best we can before that worst-case scenario happens. If you’re not a security expert, though, it can be difficult to figure out where to spend your energy over the year in terms of securing your organization. 
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.  
Read More »
eBay XSS Vulnerability

What You Need To Know – Millions of eBay Users Exposed

Jan 14, 2016 By Sharon Solomon | Online e-commerce has become the rage. Millions of people worldwide are doing their shopping on the various online platforms. But even enormous e-commerce platforms like eBay are not immune to cybercrime, as security researcher MLT demonstrated recently. The culprit this time was Cross Site Scripting (XSS), a common application layer vulnerability that obviously was not detected/remediated during development.
Read More »
Agile Software Development

5 Benefits of Automated Security in Agile Software Development

Jan 06, 2016 By Sharon Solomon | The IT industry is constantly evolving, with more and more organizations ditching the old Sequential Design Process (Waterfall). Agile Software Development (ASD), an iterative methodology based on collaboration between various cross-functional and self-organizing teams, is becoming the go-to tactic for many organizations across the globe. But Agile software development also requires proper security implementation for optimal results. What is the best application security strategy for this popular methodology? Lets find out.
Read More »
Most Popular Posts Checkmarx Blog

The 10 Most Popular Posts of 2015

Jan 01, 2016 By Sarah Vonnegut | As we say goodbye to 2015 and begin the new year, we’d like to take a moment to reflect on the great year we had on the Checkmarx blog. We’ve covered a huge array of topics, from interviews with ethical hackers to discussions on the importance of integrating security and DevOps, and it’s that variety that shows through in our most popular posts of 2015.   In the new year, we promise to continue writing articles and guides that will help both security professionals and those wanting to learn more about security progress in their AppSec journeys.   For now, these are the ten most popular posts from the Checkmarx blog in 2015 – enjoy!  
Read More »
Buffer Overflow

Buffer Overflow: The Mother of All Vulnerabilities

Dec 28, 2015 By Sharon Solomon | The Buffer Overflow vulnerability has been around for almost 3 decades and it’s still going strong. Hackers all around the world continue to name it as their default tactic due to the huge number of susceptible web applications. But what steps are organizations (devs) taking to combat this vulnerability? What role does secure coding play in eliminating this threat? This article also includes an ethical hacker’s Buffer Overflow POC along with a brief Q&A.
Read More »
Blog Headers

Why DevOps Is Actually Good for Your Security Program

Dec 18, 2015 By Sarah Vonnegut | With organizational culture – and along with it processes and technology – evolving at a pace we’ve never experienced before, we can’t sit back and wait for the “DevOps fad” to fade away. It’s not a fad, it’s an evolved way of software development. And security cannot be the elephant in the room, the team everyone avoids because it just gets too complicated. Security must evolve, as well. We must become SecDevOps.   Many organizations are now routinely pushing out tens if not hundreds of releases and updates on a daily basis. If there’s ever been a wake-up call for the security industry to change their outdated ways – DevOps is it.
Read More »
IoT

Internet of Things (IoT): Hack My Hospital

Dec 16, 2015 By Sharon Solomon | Hospitals and medical clinics were once places where patients were sheltered from the outer world and had the privacy they required for recovering safely. But with the Internet of Things (IoT) revolution in full swing and online health monitoring devices in abundance, the risks involving data leakage and privacy violation are rising exponentially. How safe is today’s healthcare ecosystem? Not very much, as the following article will show you.
Read More »
Whatyouneed2know

What you need to know – Anonymous strikes the European Space Agency

Dec 14, 2015 By Amit Ashbel | Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers, fax numbers and in many of the cases, clear-text passwords have also been exposed. Overall, more than 8,000 subscriber’s data has been exposed.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.