Tag: Application Security

21 Awesome Talks and Resources on Security and DevOps

As we wrote about last week, the explosion of DevOps – with 88% of businesses saying they’ve adopted or will adopt DevOps within the next five years – has made it clear that we need to tightly integrate security in the fast-paced, iterative cultures that are DevOps organizations. We can’t fight DevOps, if we

Proactive AppSec

The Ten Commandments of Proactive Application Security

When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security. Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice

Application Security Metrics: Where (And Why) To Begin?

A wise man once said, “to measure is to know… if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your program’s value is much more important. As a CISO

All You Wanted To Know About Continuous Integration Security

Continuous Integration (CI) is an application development practice that’s becoming more and more popular in large software development organizations. While it boosts productivity and code integrity, it introduces new technical challenges in the security process, magnifying the importance of selecting the right solution for the task.

The AliExpress XSS Hacking Explained

This post was originally published on the AppSec-Labs blog. As you may have heard, it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate

AppSec 101: The Secure Software Development Life Cycle

Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known

3 Things to Know About Managing Open Source Components in Your App

Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and make better products. You most

What’s Holding You Back from Securing Your Code?

Organizations today are aware of the security risks they can be exposed to as a result of bad or wrong coding practices. However, while awareness is the first step, being able to act is a whole other ballgame. After witnessing more and more companies being hit by attacks based on well-known vulnerabilities, we sought to understand what’s holding organizations

Most Popular Stories of the Year from the Checkmarx Blog

With the beginning of the New Year comes lots of reflection on the past 365 days. Here at Checkmarx, we had a fantastic and busy year – and it definitely shows on the blog. If you’re looking for some good security info to sink into or want to catch up on the stories you
