Tag : OWASP

iStock_000024004901Small-300x300

7 Essential Resource Centers to Boost Your InfoSec IQ

Dec 04, 2014 By Sharon Solomon | Many applications today possess critical vulnerabilities – SQL injections (SQLi), Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) being just a few of them. The first step in combating these security issues is getting to know how they work and learning about them from real life scenarios. Unfortunately, not all developers today are familiar with the security aspects of software development.

</Read More>
Sokols-Security-Takeaways-1-300x300

Risks and Rewards in Security: An Interview with Josh Sokol, InfoSec Program Owner and Creator of SimpleRisk

Sep 23, 2014 By Sarah Vonnegut | When you’re in the midst of a security issue, getting to the point of feeling on top of security again can seem a million miles away. Because in the end, security is about being aware of what’s going on in your environment and having a proactive approach to dealing with the threats. Being able to prioritize the severity of those threats and vulnerabilities that could impact the business is key to any security practitioner’s job. It’s in that vein that we recently spoke with Josh Sokol, an OWASP leader and the creator of SimpleRisk, an open source risk management tool he released to the community to help take some of the ‘obscurity’ out of security. With a background in computer science, a deep understanding of OWASP principles and as the owner of a security program at a large company, Sokol has a lot of great advice on how to do application security as well as security in general.

</Read More>
HTML5

Learning from the Experts – How JavaScript and HTML5 Vulnerabilities Affect Application Security

May 20, 2014 By Sharon Solomon | Checkmarx recently sponsored an educational webinar to raise Application Security awareness amongst developers and IT professionals. JavaScript and HTML5 were given special attention in the online event hosted by SecureWorld. The aim was to shed some light on the vulnerabilities created by the integration of new features and functionality into the programming languages. Maty Siman from Checkmarx and LivePerson’s Yair Rovek shared their InfoSec Industry experiences backed by real-time demonstrations. Sam Masiello, Head of Application Security at Groupon, was the moderator. “Insecure code is all around us,” Masiello explained at the beginning of the webinar. “It doesn’t matter if you are running Windows, iOS, Android or Java. These loopholes, if left unpatched, leave your company data vulnerable.”

</Read More>
iStock_000033496462Small

7 Tips For Choosing The Right Tool To Secure Your Application

May 14, 2014 By Sharon Solomon | With more and more leading applications and websites are being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hackings on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this security often falls on the narrow shoulders of the QA teams. Operating under tight deadlines, they already have their hands full and eventually fail to address the glaring security issues. Not all companies have the resources needed to enjoy the services of staff trained to tackle vulnerabilities. Even hiring skilled security professionals is not always “pocket-friendly”. But there is good news. Healthy coding practices and smart vulnerability tool selection can help boost your product’s “immunity” and minimize the need for post-production maintenance.

</Read More>

And The Winner of AppSecTip 2014 is….

Jan 01, 2014 By Sarah Vonnegut | Our #AppSecTip survey was a smashing success, thanks to the many amazing security pros who added their best pieces of AppSec advice! After two months of voting and some very close calls, we have finally arrived at the big announcement. So who takes the awesome AR Drone prize home?
Drum roll, please……

</Read More>
iStock_000024004809Small-300x300

2,000+ Websites Vulnerable With Ruby on Rails Flaw

Nov 28, 2013 By Sarah Vonnegut | A new exploit, discovered by a white-hat hacker, puts users of over 2,000 Websites in danger of attack. Older versions of Ruby on Rails, a popular open source Web app, employ a defective session management system that could affect the users on the thousands of sites that use it. G.S. McNamara, a security researcher based in D.C., first found the vulnerability issue back in September. The exploit is an Insufficient Session Expiration weakness, and McNamara says it’s fairly common. It’s especially dangerous for shared computers with lots of daily user turnover, such as in libraries or internet cafes.

</Read More>
owasp_logo

Checkmarx Wins Award at OWASP Infosec India 2012

Sep 23, 2012 By Administrator | After a highly successful event at OWASP Infosec India last month, we would like to share with you some photos from the event and thank everyone who made the event a success. Thank you for all the visitors that attended our booth and discussed their source code analysis requirements with us.
To continue the dialog, request more information, please contact us. Alternatively you can sign up to start a FREE trial.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.