If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx
Tag: Source Code Analysis
“The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant. Within the broad and ever growing application security realm, code analysis has become a standard which is practiced by leading
Late in 2015, just over a month before hackers plunged over 230,000 residents in the Western Ukraine into darkness for 6 hours, Forbes forecasted what they considered to be the biggest cybersecurity threat: The Energy Sector. They were right, and remain correct as the exploits and vulnerabilities of 2016 become the major challenges of
Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review. These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits
In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis. While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes
Your source code – along with secure application code practices – is your edge over hackers. A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities
Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.
When I feel ill, I take a trip to my doctor. At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor). The Black Box approach The
2 weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought-leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get the developers engaged with the security process.
You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to