Tag : CISO

Security Experts

Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Jan 15, 2016 By Sarah Vonnegut | Each year opens a new Pandora’s Box for the security industry, with a slew of never-before-seen evil wonders that can throw anyone not prepared for a loop. That’s why risk management is so critical in our field – since we can’t know what’s to come, we need to prepare as best we can before that worst-case scenario happens. If you’re not a security expert, though, it can be difficult to figure out where to spend your energy over the year in terms of securing your organization. 
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.  

</Read More>
AppSec Metrics

Application Security Metrics: Where (And Why) To Begin?

May 15, 2015 By Sarah Vonnegut | A wise man once said, “to measure is to know…if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your programs value is much more important.
As a CISO or the like, you lead a team that the business absolutely depends on. Unfortunately, information security in general and application security in specific have a hard time gaining support, even if the latest Verizon Data Breach Investigation Report noted that 75% of web app attacks are financially motivated, and that application security falls “squarely under ‘the cost of doing business.’

</Read More>
6 Tips for Ensuring Your AppSec Program

6 Tips for Ensuring Your Application Security Program Isn’t a Flop

May 08, 2015 By Sarah Vonnegut | Baking security in to our applications is just not an option anymore. The explosion of the number of applications within organizations, coupled with the constant breaches we hear about (and the many more we don’t) don’t allow room for complacency when it comes to securing your organization and customer data.   Yet CISOs and security managers still struggle to receive the support and buy-in for basic application security practices while developers are still making careless security mistakes, all because application security is still not being taken seriously enough.   One of the best ways of getting the organization’s support towards AppSec is coming to the board with a clear, measurable program in place.  And even with an AppSec program in place, it’s difficult to know if you’re “doing it right.” Here we offer six points of attention any security practitioner either implementing or designing an application security program should heed.

</Read More>
CISO Gary Hayslip, San Diego

CISO Insights: How the CISO of San Diego Secures His City

Mar 26, 2015 By Sarah Vonnegut | This article is the first in a series of interviews with CISOs in various industries. Our goal is to share our conversations with different Chief Information Security Officers about how they deal with daily tasks as well as the bigger picture of innovating security practices around business operations.   Gary Hayslip is currently the Deputy Director and Chief Information Security Officer for the city of San Diego, a role he’s held for the past two years. Previous to that, Gary spent over 25 years as a Information Security professional in the US Navy Command, working his way up to becoming CISO.   We had the opportunity to interview Gary about the risks and rewards of securing a major city, as well as what he’s learned over his many years in the industry and shared the highlights below. You can also grab the full interview here and be sure to follow Gary on Twitter!  

</Read More>
16 CISOs You Should Be Following on

16 CISOs and Security Leaders You Should be Following on Twitter

Feb 26, 2015 By Sarah Vonnegut | A few months ago we published an article, ’21 AppSec & Security Gurus You Should Be Following on Twitter,’ and even we were surprised with the buzz it created. It seems we had hit a chord with our readers, who are apparently pining for new security people to follow on Twitter. So, to feed your hunger for ‘security twits’, we decided to double down and create a list of the best tweeters of security related news and info by security leaders heading organizations – the CISOs and CSOs.

</Read More>
Secure Your Code

What’s Holding You­­­­ Back from Securing Your Code?

Feb 25, 2015 By Amit Ashbel | Organizations today are aware of security risks they can be exposed to as a result of bad or wrong code practice.  However, while awareness is the first step, being able to act is a whole other ballgame.
After witnessing more and more companies being hit by attacks based on well-known vulnerabilities, we sought to understand what’s holding organizations back when it comes to implement secure coding practices.
Checkmarx gathered a slew of professionals from organizations around the globe in the same room and asked them one simple question: “What is holding you back from ensuring your Application code is secure?”

</Read More>
iStock_000019354781XSmall

Kickstarter Website Compromised; InfoSec Executives On Alert

Feb 19, 2014 By Sharon Solomon | The hacks just keep on coming. Kickstarter, arguably the world’s largest crowdfunded website, has joined the list of high-profile casualties. The site suffered a serious data breach that has probably led to the leakage of personal information and data, including encrypted passwords that can easily be cracked. Kickstarter had no idea that their database was compromised until they were alerted by law enforcement officials. The website technical team then patched up the security glitch and asked all users to replace their old passwords with secure ones. It was announced that no credit card data was compromised, but there is no guarantee that the hackers won’t be able to harvest even this data. While still not announced officially, SQL Injections were probably implemented in the intrusion.

</Read More>
iStock_000014139389Small

Forbes Hacked By SEA; WordPress Vulnerabilities Exploited

Feb 17, 2014 By Sharon Solomon | As the Syrian Civil War rages on, cybercrime activity emerging from the troubled state is reaching monstrous proportions. Syrian president Bashar al-Assad may be losing hold on his people, but his loyal hacker-team is continuing to wreak havoc worldwide and exploit numerous high-profile websites and social media accounts. Forbes is the latest victim of the infamous Arab hacking group. The American business magazine’s website was recently vandalized, with the hackers posting hate-text on the home page. This was achieved by gaining access to the website’s WordPress panel.

</Read More>
iStock_000019280346XSmall

“It will never happen to me”- thoughts about security awareness

Mar 28, 2013 By carolineb | Today’s targeted cyber-attacks force organizations to act rapidly and involve more and more security professionals in order to secure their software. Security education awareness focuses on the need to involve developers in the security testing process. These are great blog posts surrounding security awareness and education; we thought it’s worth a share.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.