Tag : SAST

Why SAST is Essential for a Security Vulnerability Assessment

May 05, 2016 By Sarah Vonnegut | Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices.
And while it’s true that some organizations are better at this than others (or sometimes just luckier), the fact remains that nobody needs to be reminded that security vulnerability assessments are worthwhile.

White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms?

Mar 28, 2016 By Amit Ashbel | When I feel ill, I take a trip to my doctor. At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor).
The Black Box approach
The doctor’s initial prognosis for a regularly healthy person is usually based on visible symptoms and information reported by the patient. A runny nose could indicate a simple cold. However, it can also indicate the flu, allergies, sinusitis, deviated septum and sometimes, it could even indicate pregnancy. If symptoms don’t persist or increase in severity, the doctor will maintain their prognosis and assign a standard treatment.

Security Testing in the SDLC: A Beginner’s Guide

Feb 26, 2016 By Sarah Vonnegut | As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers at all stages of security know-how are being hired, and right beside giving developers a thorough education in secure coding is ensuring the code they write is secure well before it gets deployed. This is where a strong security testing approach becomes an organization’s saving grace.

All You Wanted To Know About Online Banking Security

Jan 17, 2016 By Sharon Solomon | Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what role do application developers play in providing online banking security? Let’s take a closer look.

All You Wanted To Know About Cloud Security

Dec 09, 2015 By Sharon Solomon | The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud-based solutions for their computing needs. While these solutions are extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and loopholes that can spell disaster if exploited maliciously.

Eye Of The Hacker: Analyzing Today’s Top Application Security Solutions

Aug 20, 2015 By Sharon Solomon | Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim.

SAST vs IAST – Which AppSec Solution Is Right For You?

Aug 13, 2015 By Sharon Solomon | With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherent deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This article will take a closer look at these two security solutions and compare their functionality.

All You Wanted To Know About Identity Theft

Aug 05, 2015 By Sharon Solomon | With the internet revolution in full swing, web and mobile applications are extracting more and more private information from us. While this is definitely making life easier and enhancing our productivity, large databases of Personally Identifiable Information (PII) are left exposed due to lack of security awareness and/or vulnerable applications. Identity Theft has become a common occurrence in today’s cyberspace, making it important for organizations to understand the nature of the risks and eliminate them before it’s too late.

Static Analysis vs Pen Testing – Which One Is Right For You?

Jul 28, 2015 By Sharon Solomon | Penetration (Pen) Testing has long been the go-to tool for organizations looking to safeguard their applications. But the ever-evolving hacking techniques are exposing this aging solution’s shortcomings. The growing consensus in security circles is that applications need to be bolstered from the core – the source code. This is exactly where Static Analysis enters the picture, helping detect application layer vulnerabilities and coding errors.
