Tag : Application Security

AppSec 101

AppSec 101: The Secure Software Development Life Cycle

Mar 19, 2015 By Sharon Solomon | Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known as sSDLC).  

</Read More>
Open Source

3 Things to Know About Managing Open Source Components in Your App

Mar 05, 2015 By Sharon Solomon | Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and make better products.
You most likely have your proprietary software thoroughly tested, QAed and reviewed via static code analysis on a regular basis. But what about the open source components?  Open source components may have a direct impact on the quality of your software or service.

</Read More>
Secure Your Code

What’s Holding You­­­­ Back from Securing Your Code?

Feb 25, 2015 By Amit Ashbel | Organizations today are aware of security risks they can be exposed to as a result of bad or wrong code practice.  However, while awareness is the first step, being able to act is a whole other ballgame.
After witnessing more and more companies being hit by attacks based on well-known vulnerabilities, we sought to understand what’s holding organizations back when it comes to implement secure coding practices.
Checkmarx gathered a slew of professionals from organizations around the globe in the same room and asked them one simple question: “What is holding you back from ensuring your Application code is secure?”

</Read More>
Most Popular Posts 2014

Most Popular Stories of the Year from the Checkmarx Blog

Jan 01, 2015 By Sarah Vonnegut | With the beginning of the New Year comes lots of reflection for the past 365 days. Here at Checkmarx, we had a fantastic and busy year – and it definitely shows on the blog. If you’re looking for some good security info to sink in to or want to catch up on the stories you missed, look no further. To wrap up the year and start out 2015 on a strong note, we’re sharing our top 12 most popular stories on our blog from the past year.

</Read More>
open-source-static-code-analysis-security-tools

The Ultimate List of Open Source Static Code Analysis Security Tools

Nov 13, 2014 By Sarah Vonnegut | Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code.   With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as quickly as possible in the software development lifecycle (SDLC).   One of those tools is static code analysis. The true strength of static source code analysis (SCA) is in quickly and automatically checking everything “under the hood” without actually executing the code. Because it works to discover issues that can be hard to discover manually, it’s a perfect companion to the human eye. Even the most senior security people still miss security flaws. After all – we are still human, so the combination of machine and man make for better coverage.

</Read More>
placeit-4

21 AppSec & Security Gurus You Should Be Following On Twitter

Oct 14, 2014 By Sarah Vonnegut |  Are you an AppSec Tweeter? 
  Whether you’re a newbie or an old-timer in the world of application security, Twitter is a great place to listen in and connect with some of the best and brightest in the industry. To help, we’ve compiled a list of some of our favorite tweeters to add to your own Twitter feed.    The list is a cross-section of people in Information Security and Application Security in specific – people whose Tweets we read daily. It’s in no way exhaustive, so please feel free to comment below with people we should add!   Many of these tweeters also maintain personal blogs revolving around application security, and we’ve included them in this post, as well. Build your blogroll along with who you follow on Twitter for double the industry insight!  
Bonus: Follow the whole list on our Twitter list!

</Read More>
SC-Mag

Ensuring your developers love – or at least don’t hate – security

Aug 14, 2014 By Sarah Vonnegut | This post originally appeared on SCMagazine.com.  By Maty Siman, Checkmarx Founder & CTO
When it comes to an organization’s software security, there’s been a chronic disconnect between the developers who write and build the code and the security teams who audit and enforce the code’s security. This divide historically arose from common misunderstandings: programmers believe that security hinders their productivity, while security folks are frustrated that security is not at their top-of-mind.

</Read More>
iStock_000025138182Small-300x199

3 Key Benefits of Automating Your Source Code Review

Mar 18, 2014 By Sarah Vonnegut | Automation has taken the business world by storm. We automate everything, from marketing to manufacturing and everything in between, and it often pays off: greater ROIs, higher productivity, less overworked employees. In application security, the same can be true. As web applications have become the essence of business in almost every industry, the risks have increased. While we will always need code reviewers, pen testers and security teams for areas requiring human intelligence, for the business side or otherwise, automating your source code analysis is a step towards higher security. Let’s look at the top 3 reasons why you should be automating your code review process.

</Read More>
iStock_000018034077Small-210x300

Google Turns Deaf Ear to Speech Recognition Exploit in Chrome

Jan 23, 2014 By Sarah Vonnegut | Each new technology seems to emerge together with exploitable baggage. Speech recognition, for example, is being used in rising technologies from Siri to smart homes and is evolving quickly. While speech recognition has the potential to make life much easier and quicker, like any technology it comes with flaws. In this case, a Chrome browser exploit involving Google’s speech recognition technology that was discovered and reported to Google and has yet to be fixed.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.