Tag : security awareness


A Quick Guide to Ethical Hacking + Top Hacking Tools

May 16, 2016 By Sarah Vonnegut | They say the best defense is a great offense – and with application security, that’s certainly a big factor in staying ahead of the hackers. Organizations keen on keeping malicious hackers out of their systems will use any number of offensive measures as a way to find the kinds of holes attackers could use against them. Penetration testing, among other forms of offensive security, is perfect for the job – and ethical hacking has become an important part of an organization’s security program. 

</Read More>
Blog Headers

13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Nov 06, 2015 By Sarah Vonnegut | Read the first post, 15 Vulnerable Sites to (Legally) Practice Your Hacking Skills here.   There’s a well-known saying that before you judge someone you should always “walk a mile in the other person’s shoes.”  You can’t get the full picture behind a person without first living like they do and understanding what goes on in their heads.     In organizations around the world, there’s a big push to be more “security aware,” and it’s an important part of our jobs. We’re defenders, and we have a big job to do in making sure our applications and systems are secure from any threat that might come at us. But there’s another side to being good at defending your applications and systems. Those dealing with security also need to “walk a mile in the other persons shoes” – but in our case, it’s about understanding the attackers side not so we can empathize, but so we can minimize the risks posed by and to our applications.   

</Read More>

Beyond XSS and CSRF: Same Origin Method Execution

Aug 12, 2015 By Sarah Vonnegut | Unless you were living under a rock last fall, you heard about the major iCloud hack that saw nude pictures of A-list celebrities posted all over the web. The fact that someone could hack into private clouds and steal the sensitive data contained within alarmed web users around the world.   That wasn’t the only exploit of its kind. If someone malicious had discovered another, similar exploit on Google+, there could have been a similar batch of stolen photos.   Luckily, the hacker that found them is a white-hat and plays for the good side. Ben Hayak plays for the good side, and our private Google Plus photos have been saved from prying hands.   Ben, a senior security engineer at Salesforce, recently discovered a method of attack that would pose major threats to users and sites with successful attacks.  

</Read More>
Untitled design (8)

5 Steps That WILL Raise Your Developers Information Security Awareness

Jul 17, 2015 By Sarah Vonnegut | In the same post where Bruce Schneier famously said that he personally believes “that training users in security is generally a waste of time, and that the money can be better spent elsewhere,” he added an important caveat about training developers. Developers, he wrote, “are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system.”

</Read More>

All You Need to Know About Shellshock & What You Can Do About It

Oct 02, 2014 By Sarah Vonnegut | So, what happens when a core component of Mac, Linux and other Unix-based operating systems is found to be highly vulnerable and easily exploitable? 
Last week, we found out: On September 24th, the world was first introduced to a family of bugs in the Bash shell, being referred to both as ‘Shellshock’ and ‘Bashdoor’.
Here’s a breakdown of what the Bash bug is, how it can be exploited, and how you can protect yourself.
Background on Bash & the Bash Bug Being Called Shellshock
Bash (short for Bourne Again Shell) is a command-line shell used to type and execute commands. It is prevalent in Mac OS X, Linux, and other versions of UNIX operating systems. It’s also a mainstay on servers running Apache, accounting for about 51% of the world’s servers.

</Read More>

“It will never happen to me”- thoughts about security awareness

Mar 28, 2013 By carolineb | Today’s targeted cyber-attacks force organizations to act rapidly and involve more and more security professionals in order to secure their software. Security education awareness focuses on the need to involve developers in the security testing process. These are great blog posts surrounding security awareness and education; we thought it’s worth a share.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.