Tag : Application Security

blog-owasp-resources

Top 5 OWASP Resources No Developer Should Be Without

Jan 09, 2018 By Sarah Vonnegut | Writing secure code is now a must for developers. The rising number of attacks on organizations big and small and the fallout for companies who’ve been breached are growing. As such, security is finally moving out of the periphery to become a mainstay for business continuity.  

</Read More>
blog-recap_-the-biggest-data-breaches-of-2017

Recap: The Biggest Data Breaches of 2017

Dec 31, 2017 By Arden Rubens | From a Republican National Committee contractor exposing voting data on nearly 200 million people to Equifax revealing a breach impacting over 143 million people – it’s safe to say that when it comes to data breaches, 2017 has kept us on our toes. So much so that more data was lost or stolen in the first half of 2017 (1.9 billion records) than in the entire of 2016 (1.37 billion) according to research released earlier this year.  

</Read More>
blog-a-closer-look_-owasp-top-10-application-security-risks

A Closer Look: OWASP Top 10 2017 – Application Security Risks

Dec 03, 2017 By Arden Rubens | Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks posed, in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three/four years. The list consists of the top biggest Application Security Risks according to OWASP.

</Read More>
blog-owasp-infographic

INFOGRAPHIC: OWASP Top 10 Application Security Risks

Nov 30, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 (PDF) is out. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications. 

</Read More>
static code analysis

Static Code Analysis: Binary vs. Source

Nov 21, 2017 By Dafna Zahger | “The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant.   Within the broad and ever growing application security realm, code analysis has become a standard which is practiced by leading companies across markets and fields. This leads to a variety of Static Code Analysis solutions: the technique of automatically analyzing an application’s source and binary code to find security vulnerabilities.

</Read More>
blog-android-webview_-secure-coding-practices

Android WebView: Secure Coding Practices

Nov 16, 2017 By Erez Yalon | This is part one of a three-part series. Click here to read part two.  Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at the interaction habits, for example the way people socialize as individuals or in a group has changed as what was once far away is now at our fingertips.   There is an infinite number of applications and resources available to millions of users. And as these numbers grow, security concerns raise as well.  

</Read More>
blog-3-ways-to-prevent-xss

3 Ways to Prevent XSS

Oct 09, 2017 By Sarah Vonnegut | When we discuss vulnerabilities in applications, there are different categories that we come across. Some vulnerabilities are extremely common yet allow for little or no damage should an attacker discover and exploit them, while others are incredibly rare but can have major, lasting impact on the organizations behind the attacked application. Then, there’s the third category: Common and deadly. Cross-Site Scripting,  commonly shortened to XSS, is one of the most common vulnerabilities found in applications, and can cause serious damage given the right time and the right attacker.  

</Read More>
blog-why-you-need-automated-security-in-an-agile-software-environment

Why You Need Automated Security in an Agile Software Environment

Sep 25, 2017 By Sarah Vonnegut | Today’s business cycles require faster and more innovative results more than ever before in order to stay competitive. As organizations have started speeding up their time to market, they quickly realized the waterfall methodology was no longer working, and responded with the creation and adoption of rapid application development methodologies. One of those methodologies, agile software development is arguably the most popular of these methodologies, and has been adopted by thousands of organizations around the world.  

</Read More>
blog-appsec-metrics

AppSec Metrics That Matter

Jul 11, 2017 By Sarah Vonnegut |   Metrics matter. Metrics are important because they tell you, stakeholders and budget planners how well you’re meeting your set goals. Metrics ensure that your program has visibility and is the only way to effectively communicate the value of your application security program. If you simply go through the AppSec motions of scanning and fixing, you have no insight into how effective your application security program is or if you’re hitting either your security goals or business goals.  

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.