Tag : Secure SDLC

Tips to Secure SDLC

Quick Tips To Secure Your SDLC

Dec 22, 2016 By Arden Rubens | Applications have become as complex as ever, and with the constant evolution and advancement of applications, cyber threats have become of the biggest risks that organizations today face – and as most of the past cyber attacks on organizations teach us, those risks can be absolutely disastrous. Therefore, along with the increased business risks and concerns correlating with insecure software, the attention from organizations is significantly more focused on building securely.

</Read More>
Secure SDLC-01

The Best Ways to Ensure a Lasting Secure SDLC

Aug 05, 2016 By Sarah Vonnegut | To start the discussion on why a Secure SDLC is more important now than ever, we need to take a look at the evolution in applications and how they’re being secured. Both applications and the way organizations are tasked with securing them have changed dramatically over the past few decades.

</Read More>
Pentesting Blogs

The 13 Most Helpful Pentesting Resources

Jul 26, 2016 By Sarah Vonnegut | Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.

</Read More>
devops + security-01

4 Keys To Integrating Security into DevOps

Jul 01, 2016 By Sarah Vonnegut | Faster, predictable releases, lower development costs, and a market constantly demanding new features and products have made the ecosystem ripe for the emergence of a new way of developing software. The development world responded to those demands, bringing the DevOps movement from unknown into the mainstream. Multiple releases a day would have been unheard of 10 to 15 years ago. Today it’s the norm.

</Read More>
what is static code review?

What is Static Code Review?

Jun 30, 2016 By Paul Curran | Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review.
These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits but also fits the requirements set forth by the organization or their customers.

</Read More>
Blog Headers (10)

Secure Application Development: Avoiding 5 Common Mistakes

Apr 01, 2016 By Sarah Vonnegut | It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application development figured out.

</Read More>
Blog Headers

Security Testing in the SDLC: A Beginner’s Guide

Feb 26, 2016 By Sarah Vonnegut | As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers with all stages of security knowhow are being hired, and right beside giving developers a thorough education in secure coding is ensuring the code they write is secure well before it gets deployed.   This is where a strong security testing approach becomes an organization’s saving grace.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.