Checkmarx Blog

Why Security and DevOps Desperately Need Couples Counseling

While at the 2018 Black Hat Conference in Las Vegas I asked attendees point blank if they think that security and DevOps should be in couples counseling. The universal response was a laugh and then a resounding, “Yes.” The reason couples go to couples counseling is because they’re not getting along. They’re not communicating. Usually, only

Checkmarx Report: Tackling Software Exposure in the DevOps Cycle

Today, in an effort to better understand the evolving nature of software delivery and the role security plays, we released a new report, “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle,” which we commissioned with FreeForm Dynamics in coordination with The Register. The report aggregates input from 183 respondents worldwide, the majority

20 Ways to Make Application Security Move at the Speed of DevOps

Security has been getting a bad rap. For far too long the perceived “inhibitors” have been sidestepped by DevOps in an effort to increase productivity. As Ryan Davidsen, vp, worldwide security solutions, Secureworks, noted, “Traditional approaches for integrating security oversight with application development aren’t keeping pace with the speed required by today’s DevOps teams.” But

Introducing the Checkmarx Certified Engineer Program (CxCE)

If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx

Diving Deep into Regular Expression Denial of Service (ReDoS) in Go

The Go programming language (also known as Golang) is an open source programming language created by Google. Go is compiled and statically typed as in C (with garbage collection), and has limited structural typing, memory safety features and CSP-style concurrency features. In this blog post, we’ll recap Go’s security posture against Regular Expression Denial of Service (ReDoS) attacks.

Eavesdropping with Amazon Alexa

If you’re using an Amazon Echo, your life is undoubtedly made easier. Instead of searching on your phone the “old fashioned” way, you can simply ask Alexa what the weather is like, to play your favorite song, or to dim the lights. For the Echo, similar to the Google Home with voice assistant, listening is

Decrypting JobCrypter

Ransomware has been a growing issue for some time now. It has evolved into a big business, moving millions of dollars yearly from victims’ pockets into those of attackers. The modus operandi of ransomware authors is to infect your machine through any vector (phishing, drive-by browser exploits, waterholing, etc.) and then proceed to encrypt your important files.

How Secure is Your Online Banking App?

Banking has gone digital. Nearly every major bank offers both an online portal as well as a mobile app, and people seem to prefer it that way. A recent PwC survey found that 46% of consumers only use online banking, a massive jump from their previous survey in 2012, in which only 27% used online

