Checkmarx Blog


An Introduction to IAST

Jul 13, 2017 By Arden Rubens | As organizations modernize and innovate their technologies and flows, traditional Dynamic Application Security Testing (DAST) is being considered a big setback for one big reason: time. With DAST, scanning for vulnerabilities takes time, special skills and maintenance. Therefore, with the rapid pace of CI/CD, it’s becoming more of a challenge to implement DAST. While automation and fast turnarounds are mandatory for a successful application security program in modern development environments, DAST cannot align with these requirements.  

AppSec Metrics That Matter

Jul 11, 2017 By Sarah Vonnegut | Metrics matter. Metrics are important because they tell you, stakeholders and budget planners how well you’re meeting your set goals. Metrics give your program visibility and are the only way to effectively communicate the value of your application security program. If you simply go through the AppSec motions of scanning and fixing, you have no insight into how effective your application security program is or whether you’re hitting either your security goals or your business goals.

Australia’s Mandatory Breach Notification Bill – 3 Ways to Prepare Your Organization

Jul 03, 2017 By Sarah Vonnegut | Governments are increasingly taking control of cybersecurity issues for the citizens and organizations they serve. Just last year, Europe passed the General Data Protection Regulation, or GDPR, which requires businesses that handle European citizens’ data to notify customers if they experience a data breach, as well as to report it to the regulatory body. In the US, 47 out of 50 states have established state legislation touching on data breach notification requirements, and Canada requires hacked organizations to notify both customers and the Privacy Commissioner.

June 2017: Top Hacks and Breaches [INFOGRAPHIC]

Jun 30, 2017 By Arden Rubens | As we dive into June’s biggest hacks and breaches, we begin with OneLogin – a company which allows users to access multiple websites, applications, and services with just a single password. An attacker got hold of highly sensitive keys for OneLogin’s cloud instance and succeeded in using them as a front-door key. In a statement released by the company, it was said that the attacker may have “obtained the ability to decrypt some information”.

An A to Z Guide to Continuous Integration

Jun 25, 2017 By Sarah Vonnegut | The race to improve software quality and innovation has been around since the 1970s. Many processes and workflows have been created to help address the historical issues that prevent teams from developing high-quality applications quickly and reliably, yet enterprises continue their struggle to keep up.  

The ABCs of AppSec Testing: IAST & SAST

Jun 15, 2017 By Arden Rubens | With cybercrime on the rise, application security remains a massive challenge for organizations and governments across the globe. When it comes to the safety of applications, Penetration Testing (Pen Testing) and Dynamic Application Security Testing (DAST) both remain standing as capable solutions, but both come with a fair share of inherited weaknesses which raise significant limitations within today’s development landscape.  

How to Raise Cybersecurity Awareness at all Levels of Your Organization

Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discusses and shares privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.

Why Your Enterprise Needs DevOps

Jun 12, 2017 By Sarah Vonnegut | The buzzword of the decade is far from just a trend as organizations struggle to keep up with competition. There’s a reason DevOps is so often discussed and highly regarded. As organization after organization makes the switch and reaps the rewards offered by the DevOps culture, it’s time for all those who could enjoy DevOps to at least try it out. By improving software development at every stage, successful organizations have found, they can also improve on quality, stability, and business benefits. Curious? Let’s find out why your enterprise needs DevOps.

May 2017: Top Hacks and Breaches [INFOGRAPHIC]

Jun 05, 2017 By Arden Rubens | It’s only May, and 2017 is well on its way to set a new cyberattack record. As new statistics show, there have been over 1,200 reported data breaches and around 4,800 discovered vulnerabilities released in the first quarter of this year. So, while this post may focus on the month of May – and some of the hacks and breaches that came with it, including one of the largest cyberattacks of all time – we should brace ourselves for a wild ride as the year continues.  

5 Steps to Stand Out with your AppSec Routine

Jun 01, 2017 By Sarah Vonnegut | In most organizations, Application Security is sadly behind in adoption, especially when compared to Network Security. And yet, with 84% of attacks aimed at the application layer, we need to turn our focus more towards AppSec. As we use and deploy more and more apps, the interdependencies between them complicate internal infrastructures, leading to more opportunities for misconfigurations and holes that could be used by attackers.  