Checkmarx Blog

Insight1

Checkmarx Receives $84 Million Investment From Insight Venture Partners to Further Accelerate Growth

Jun 25, 2015 By Sarah Vonnegut | Checkmarx, a global leader in software application security, today announced a $84M investment from New York-based venture capital and private equity firm, Insight Venture Partners. The new round of capital will be primarily used to further accelerate growth through product innovation and global expansion.
Read More »
phone with key on white background. Isolated 3D image

Mobile Security In Limbo With Coding Vulnerabilities Galore

Jun 24, 2015 By Sharon Solomon | It’s no secret is that the smartphone is the modern man’s best friend. Over 7 billion mobile devices are being used today all around the world and they are multiplying 5 times faster than human beings. With the astronomical amounts of private information being transferred worldwide, the need for strong mobile security has become paramount. Unfortunately, the news about new vulnerabilities and high-profile breaches are raining down on us.
Read More »
talks

21 Awesome Talks and Resources on Security and DevOps

Jun 22, 2015 By Sarah Vonnegut | As we wrote about last week, the explosion of DevOps – with 88% of businesses saying they’ve adopted or will adopt DevOps within the next five years – has made it clear that we need to tightly integrate security in the fast-paced, iterative cultures that are DevOps organizations.   We can’t fight DevOps, if we ever did. DevOps is good all around when done right – and security plays a big part in helping DevOps organizations thrive. And luckily for you, lots of security and DevOps people already have experience in how to work in harmony together – and even better, they want to pass their knowledge along. There is some great watching and reading material to draw inspiration, ideas and advice from – so we gathered up 21 of the best talks and other resources we’ve seen to help you along the way.   
Read More »
Application Security Program Leader

8 Problems Every Application Security Program Leader Has To Tackle

Jun 17, 2015 By Sharon Solomon | Despite the astounding rise in cybercrime and hacking incidents worldwide, the modern Application Security Program Leader faces numerous bumps and obstacles on a daily basis within his organization. Application security has come a long way in the last decade, but the inherited limitations of the traditional solutions are not making life easy.
Read More »
Sign start on an empty road

Security and DevOps: How To Get Started

Jun 11, 2015 By Sarah Vonnegut | The Rise of DevOps
  The methods we use to develop software have gone through radical transformations over the last five years. ‘Slow and steady’ has evolved into quick and agile methodologies like DevOps.   Based on disrupting the silos between Developers and Operations, DevOps embraces the idea of a shared culture of trust, collaboration and automation. By creating cross-functional teams, organizations have reported numerous benefits, not least of which is from a major increase in communication and reliance between teams, which share responsibility for on-time deploys, uptime and downtime.   And it’s taking over the world.
Read More »
SAST

SAST vs WAF – 5 Reasons To Opt For SAST

Jun 03, 2015 By Sharon Solomon | With the industrialization of cybercrime and rise in hacking severity, the value of traditional application security techniques is imploding. The Web Application Firewall (WAF), considered as a go-to security solution until not long ago, is currently experiencing a constant erosion in its effectiveness. On the other hand, Static Application Security Testing (SAST) solutions are gaining momentum.  
Read More »
Proactive AppSec

The Ten Commandments of Proactive Application Security

May 29, 2015 By Sarah Vonnegut | When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security.   Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice of application security, at its core, exists solely to protect the data of an organization’s applications and, more importantly, the organization itself.  
Read More »
Android App Vuln.

Android Application Security Sucks! Here’s what to do about it

May 26, 2015 By Amit Ashbel | Brought to you by Appsec Labs and Checkmarx.  Android Platform Security Essentials Android…. It is no longer just a mobile phone. Nowadays Android applications are running anywhere and everywhere. Home Appliances, watches, TVs, car applications and with the Internet of Things kicking in quickly, Android applications will probably become even more prevalent in our lives.
Read More »
cyber security blogs

29 Cyber Security Blogs You Should Be Reading

May 21, 2015 By Sarah Vonnegut | Staying up-to-date is important for lots of reasons, but when you’re a Cyber Security professional, knowing about the latest tech, breaches, vulnerabilities,etc. is pretty much essential to your career. If you miss out on an important piece of news, your organization could miss out on much more.   More than just knowing what’s going on, though, keeping current in cyber security news is an opportunity to absorb and uncover innovative ideas surrounding InfoSec and the way you do your job.
Read More »
Automated Application Security Testing

Application Security Testing – Automated Vs Manual

May 19, 2015 By Sharon Solomon | The massive rise in the number of web and mobile applications in recent years has indirectly led to an inferno of cybercrime that aims to exploit application-layer vulnerabilities. Organizations have a wide range of security products at their disposal today, but they are often unable to decide between automated and manual application security testing. This article aims at providing an in-depth comparison between the two methodologies.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.