Checkmarx Blog

Code Injections

5 Deadly Code Injections That Can Obliterate Your Application

Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide.     

Read More »

6 Tips for Ensuring Your Application Security Program Isn’t a Flop

Baking security in to our applications is just not an option anymore. The explosion of the number of applications within organizations, coupled with the constant breaches we hear about (and the many more we don’t) don’t allow room for complacency when it comes to securing your organization and customer data.   Yet CISOs and security managers

Read More »

PCI DSS Compliance Made Easy Using Source Code Analysis

The e-commerce and retail fields have undergone mammoth changes over the last decade. Paying in hard cash has almost become a thing of the past. Credit and debit cards are now being used to conduct millions of transactions and e-shopping purchases on a daily basis worldwide. But this new reality has also introduced numerous security perils.  

Read More »

SAST vs DAST – Why SAST?

Application security used to be an afterthought until a few years ago, but the exponential rise in cybercrime and malicious activity has made organizations pay more attention to this crucial aspect. This realization has also brought up a widespread discussion about the pros and cons of the various AppSec solutions that are on offer in

Read More »

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

They say the best defense is a good offense – and it’s no different in the InfoSec world. Use these 15 deliberately vulnerable sites to practice your hacking skills so you can be the best defender you can – whether you’re a developer, security manager, auditor or pen-tester. Always remember: Practice makes perfect! What other

Read More »

XSS: The Definitive Guide to Cross-Site Scripting Prevention

As old as web browsers themselves, cross-site scripting (XSS) has been an ongoing issue in the security world. Its’ consistent appearance on the OWASP Top 10 and in news reports of cross-site scripting attacks has kept the security issue in the spotlight over the years. Yet after two decades the security issue remains one of the

Read More »

All You Wanted To Know About Continuous Integration Security

Continuous Integration (CI) is an application development practice that’s becoming more and more popular in large software development organizations. While it boosts productivity and code integrity, it introduces new technical challenges in the security process, magnifying the importance of selecting of the right solution for the task.  

Read More »

CISO Gary Hayslip, San Diego

CISO Insights: How the CISO of San Diego Secures His City

This article is the first in a series of interviews with CISOs in various industries. Our goal is to share our conversations with different Chief Information Security Officers about how they deal with daily tasks as well as the bigger picture of innovating security practices around business operations.   Gary Hayslip is currently the Deputy

Read More »

Jump to Category