Tag: OWASP

SAST vs IAST – Which AppSec Solution Is Right For You?

With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherited deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This

Read More ›

All You Wanted To Know About Identity Theft

With the internet revolution in full swing, web and mobile applications are extracting more and more private information from us. While this is definitely making life easier and enhancing our productivity, large databases of Personally Identifiable Information (PII) are left exposed due to lack of security awareness and/or vulnerable applications. Identity Theft has become a

Read More ›

OWASP Top 10 for IoT Explained

Even though the software industry has been dealing with security issues since the web introduced itself almost 30 years ago, IoT manufacturers who have not had this struggle in the past are now stepping into a world of pain which they can probably avoid if they use the lessons learned in the past.  Internet of

Read More ›

Mobile Security In Limbo With Coding Vulnerabilities Galore

It’s no secret is that the smartphone is the modern man’s best friend. Over 7 billion mobile devices are being used today all around the world and they are multiplying 5 times faster than human beings. With the astronomical amounts of private information being transferred worldwide, the need for strong mobile security has become paramount. Unfortunately,

Read More ›

The AliExpress XSS Hacking Explained

This post was originally published on the AppSec-Labs blog.   As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate

Read More ›

AppSec 101: The Secure Software Development Life Cycle

Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known

Read More ›

Game of Hacks: Promoting Secure Coding Practices

Application security has become a huge challenge for IT companies worldwide. More and more exploits, causing widespread financial and technical damage, are being reported on almost a daily basis. While primarily taking these security issues head-on, Checkmarx is also providing an interactive solution to promote secure coding standards within organizations.  

Read More ›

Most Popular Stories of the Year from the Checkmarx Blog

With the beginning of the New Year comes lots of reflection for the past 365 days. Here at Checkmarx, we had a fantastic and busy year – and it definitely shows on the blog. If you’re looking for some good security info to sink in to or want to catch up on the stories you

Read More ›

Recent PayPal Bug Highlights CSRF Vulnerability Risks

PayPal has revolutionized the e-commerce market in recent years with its convenient characteristics that bolster user privacy. Gone are the days when online shopping required cumbersome bank transfers or complex credit card verifications. Unfortunately there is still work to be done on the security front after Egyptian researcher Yasser Ali shocked the world with his PayPal bug

Read More ›

7 Essential Resource Centers to Boost Your InfoSec IQ

Many applications today possess critical vulnerabilities – SQL injections (SQLi), Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) being just a few of them. The first step in combating these security issues is getting to know how they work and learning about them from real life scenarios. Unfortunately, not all developers today are familiar with the

Read More ›

Jump to Category