Tag: Application Security

AppSec 101: The Secure Software Development Life Cycle

Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known

Read More ›

3 Things to Know About Managing Open Source Components in Your App

Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and make better products. You most

Read More ›

What’s Holding You­­­­ Back from Securing Your Code?

Organizations today are aware of security risks they can be exposed to as a result of bad or wrong code practice.  However, while awareness is the first step, being able to act is a whole other ballgame. After witnessing more and more companies being hit by attacks based on well-known vulnerabilities, we sought to understand what’s holding organizations

Read More ›

Most Popular Stories of the Year from the Checkmarx Blog

With the beginning of the New Year comes lots of reflection for the past 365 days. Here at Checkmarx, we had a fantastic and busy year – and it definitely shows on the blog. If you’re looking for some good security info to sink in to or want to catch up on the stories you

Read More ›

open-source-static-code-analysis-security-tools

The Ultimate List of Open Source Static Code Analysis Security Tools

Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code.   With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as

Read More ›

21 AppSec & Security Gurus You Should Be Following On Twitter

 Are you an AppSec Tweeter?    Whether you’re a newbie or an old-timer in the world of application security, Twitter is a great place to listen in and connect with some of the best and brightest in the industry. To help, we’ve compiled a list of some of our favorite tweeters to add to your own

Read More ›

Ensuring your developers love – or at least don’t hate – security

This post originally appeared on SCMagazine.com.  By Maty Siman, Checkmarx Founder & CTO When it comes to an organization’s software security, there’s been a chronic disconnect between the developers who write and build the code and the security teams who audit and enforce the code’s security. This divide historically arose from common misunderstandings: programmers believe that

Read More ›

3 Key Benefits of Automating Your Source Code Review

Automation has taken the business world by storm. We automate everything, from marketing to manufacturing and everything in between, and it often pays off: greater ROIs, higher productivity, less overworked employees. In application security, the same can be true. As web applications have become the essence of business in almost every industry, the risks have

Read More ›

Google Turns Deaf Ear to Speech Recognition Exploit in Chrome

Each new technology seems to emerge together with exploitable baggage. Speech recognition, for example, is being used in rising technologies from Siri to smart homes and is evolving quickly. While speech recognition has the potential to make life much easier and quicker, like any technology it comes with flaws. In this case, a Chrome browser exploit

Read More ›

Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, their goal is to manually exploit application and network level flaws in servers across the globe. If it sounds malicious, it’s just because it mimics real world vulnerability exploitations that happen every day. In fact, this specific

Read More ›

Jump to Category