Application SecuritySASTSecure CodingSource Code Analysisstatic code analysis Introducing the Checkmarx Certified Engineer Program (CxCE) Aug 1, 2018 by Liora R. Herman If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx Read More › Application SecuritySASTSecure CodingSource Code Analysisstatic code analysis
Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing Why SAST is Essential for a Security Vulnerability Assessment May 5, 2016 by Sarah Vonnegut Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices. And while it’s true that some organizations are better Read More › Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing
Application SecurityBlack Box TestingSASTSource Code AnalysisVulnerabilityWhite Box Testing White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms? Mar 28, 2016 by Amit Ashbel When I feel ill, I take a trip to my doctor. At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor). The Black Box approach The Read More › Application SecurityBlack Box TestingSASTSource Code AnalysisVulnerabilityWhite Box Testing
Automated TestingSASTSDLCSecure SDLCSecurity Testing Security Testing in the SDLC: A Beginner’s Guide Feb 26, 2016 by Sarah Vonnegut As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers with all stages of security knowhow are being hired, and right beside giving developers a thorough education in secure coding is ensuring the Read More › Automated TestingSASTSDLCSecure SDLCSecurity Testing
Application SecurityMalwareMobile SecurityphishingSASTSDLCSecure Codingstatic code analysisVulnerability All You Wanted To Know About Online Banking Security Jan 17, 2016 by Sharon Solomon Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what Read More › Application SecurityMalwareMobile SecurityphishingSASTSDLCSecure Codingstatic code analysisVulnerability
Cloud SecurityIaaSPaaSSaaSSASTstatic code analysis All You Wanted To Know About Cloud Security Dec 9, 2015 by Sharon Solomon The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud based solutions for their computing needs. While being extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and Read More › Cloud SecurityIaaSPaaSSaaSSASTstatic code analysis
Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS Eye Of The Hacker: Analyzing Today’s Top Application Security Solutions Aug 20, 2015 by Sharon Solomon Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim. Read More › Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS
Application Security TestingASTIASTOWASPSASTstatic code analysis SAST vs IAST – Which AppSec Solution Is Right For You? Aug 13, 2015 by Sharon Solomon With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherited deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This Read More › Application Security TestingASTIASTOWASPSASTstatic code analysis
HIPAAidentity theftMISRAOWASPPCI DSSPersonally Identifiable InformationPIIPrivacy ViolationSANS 25SASTSocial Engineeringstatic code analysis All You Wanted To Know About Identity Theft Aug 5, 2015 by Sharon Solomon With the internet revolution in full swing, web and mobile applications are extracting more and more private information from us. While this is definitely making life easier and enhancing our productivity, large databases of Personally Identifiable Information (PII) are left exposed due to lack of security awareness and/or vulnerable applications. Identity Theft has become a Read More › HIPAAidentity theftMISRAOWASPPCI DSSPersonally Identifiable InformationPIIPrivacy ViolationSANS 25SASTSocial Engineeringstatic code analysis
Penetration TestingSASTSDLCsSDLCstatic code analysis Static Analysis vs Pen Testing – Which One Is Right For You? Jul 28, 2015 by Sharon Solomon Penetration (Pen) Testing has long been the go-to tool for organizations looking to safeguard their applications. But the ever-evolving hacking techniques are exposing this aging solution’s shortcomings. The growing consensus in security circles is that applications need to be bolstered from the core – the source code. This is exactly where Static Analysis enters the picture, helping detect application Read More › Penetration TestingSASTSDLCsSDLCstatic code analysis