Tag : SAST

Application Security Program Leader

8 Problems Every Application Security Program Leader Has To Tackle

Jun 17, 2015 By Sharon Solomon | Despite the astounding rise in cybercrime and hacking incidents worldwide, the modern Application Security Program Leader faces numerous bumps and obstacles on a daily basis within his organization. Application security has come a long way in the last decade, but the inherited limitations of the traditional solutions are not making life easy.

</Read More>
SAST

SAST vs WAF – 5 Reasons To Opt For SAST

Jun 03, 2015 By Sharon Solomon | With the industrialization of cybercrime and rise in hacking severity, the value of traditional application security techniques is imploding. The Web Application Firewall (WAF), considered as a go-to security solution until not long ago, is currently experiencing a constant erosion in its effectiveness. On the other hand, Static Application Security Testing (SAST) solutions are gaining momentum.  

</Read More>
Proactive AppSec

The Ten Commandments of Proactive Application Security

May 29, 2015 By Sarah Vonnegut | When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security.   Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice of application security, at its core, exists solely to protect the data of an organization’s applications and, more importantly, the organization itself.  

</Read More>
Automated Application Security Testing

Application Security Testing – Automated Vs Manual

May 19, 2015 By Sharon Solomon | The massive rise in the number of web and mobile applications in recent years has indirectly led to an inferno of cybercrime that aims to exploit application-layer vulnerabilities. Organizations have a wide range of security products at their disposal today, but they are often unable to decide between automated and manual application security testing. This article aims at providing an in-depth comparison between the two methodologies.

</Read More>
Logo

PCI DSS Compliance Made Easy Using Source Code Analysis

May 05, 2015 By Sharon Solomon | The e-commerce and retail fields have undergone mammoth changes over the last decade. Paying in hard cash has almost become a thing of the past. Credit and debit cards are now being used to conduct millions of transactions and e-shopping purchases on a daily basis worldwide. But this new reality has also introduced numerous security perils.  

</Read More>
AppSec 101

AppSec 101: The Secure Software Development Life Cycle

Mar 19, 2015 By Sharon Solomon | Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software Development Life Cycle (also known as sSDLC).  

</Read More>
iStock_000019668000Small

Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon | The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high. Besides this inherited problem, the open-source nature of the market-leading OS is prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put the unsuspecting users in danger.

</Read More>
iStock_000031268648Small

Cridex Banking Trojan Still Alive and Kicking

Mar 12, 2014 By Sharon Solomon | The Cridex Banking Trojan is wreaking havoc in Europe, especially in Germany. Hackers are implementing the traditional phishing methodology to trick victims into compromising their banking information. The Cridex malware has now officially overtaken the ZeuS Trojan and its clones thanks to the recent activity spike. Six different URL schemes are being used to cover-up the spam campaigns. The malicious mails are masked with graphics and text from German commercial giants such as Telekom (almost half of the infected URLs), Volksbank, Vodafone and also NTTCable.

</Read More>
iStock_000017757979XSmall

Stop the Neglect – Scan Your Source Code Before You Regret

Dec 11, 2013 By Sharon Solomon | Hacktivism, commercial malware and criminal exploitation have become the norm in today’s cyberspace. This worrying trend has magnified the need for a comprehensive testing solution that can be integrated into the SDLC. Enter Source Code Analysis (SCA).

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.