Tag : OWASP Top 10


From McAfee to Verizon: Violations of the OWASP Standards Making the Headlines

Dec 20, 2016 By Paul Curran | The Open Web Application Security Project (OWASP) Web Top 10 list has long been the “Gold Standard” for application security testing, and when it comes to the Web Top 10, the OWASP standards are due for an update in 2017. Typically, this list is updated and adjusted every three years (as it was in 2007, 2010 and 2013) to account for changes in the threat landscape for web applications; however, the current OWASP Web Top 10 has not been updated since 2013.


When Booking Your Flight Becomes Dangerous

Mar 07, 2016 By Sarah Vonnegut | Flying is a pain. Booking flights can be just as annoying. But, as one of Checkmarx’s own recently discovered, booking your flight can also be dangerous. David Sopas, a Portuguese security researcher at Checkmarx who hunts bugs on the side, found a common, highly disruptive security vulnerability on one of the largest airlines in the world.


The Cybersecurity Organizations & Resources You Need to Know

Feb 12, 2016 By Sarah Vonnegut | No matter where you are on your journey in security, there is always room to keep learning. Especially in the security industry, it’s important to aim for a deep understanding of software and how applications interact on the web. In such a dynamic field, there’s no doubt the learning will never end. Luckily for students of cybersecurity, there are plenty of organizations doing the hard work to help us better understand what we’re working to protect, and how best to secure our own organizations. These organizations are helping fight the “cyber battles” – and are helping us do the same. From nonprofits to university centers to government-funded research facilities, the security industry has its bases covered. There’s a never-ending mountain of high-quality research and guides anyone interested can access – if you know the right places to look.


The Ultimate Guide to Understanding & Preventing CSRF

Jan 22, 2016 By Sarah Vonnegut | We hear about SQL injection and Cross-Site Scripting constantly – but there are eight other high-risk vulnerabilities we need to be aware of, just in the OWASP Top Ten. One of those eight is yet another one to keep your eyes out for: Cross-Site Request Forgery, normally shortened to CSRF or XSRF. CSRF is widespread in today’s web apps, OWASP says, and can cause some major damage when exposed in an app that deals with money or data. Just how much damage? The most powerful CSRF attack is most likely this attack discovered against uTorrent in 2008, which would have given an attacker complete control over a victim’s system using a record three CSRF attacks in a row. And while most CSRF attacks aren’t as damaging as that one, they can do damage, given an opportunity in a data-rich web application.
