Rise of the Machines: AI and Security – Free Live Webinar, March 20

Tag: Source Code Analysis

Introducing the Checkmarx Certified Engineer Program (CxCE)

If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx

Read More ›

Static Code Analysis: Binary vs. Source

“The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant.   Within the broad and ever growing application security realm, code analysis has become a standard which is practiced by leading

Read More ›

industrial cyber threats

Securing the Energy Sector against Industrial Cyber Threats

Late in 2015, just over a month before hackers plunged over 230,000 residents in the Western Ukraine into darkness for 6 hours, Forbes forecasted what they considered to be the biggest cybersecurity threat: The Energy Sector.   They were right, and remain correct as the exploits and vulnerabilities of 2016 become the major challenges of

Read More ›

What is Static Code Review?

Static code review, as a phrase, is actually a bit misleading. Static code review refers to two divergent methods of security testing: static code analyis and code review. These methods check code for flaws, security issues and quality concerns that, when combined, help developers ensure that their code is not only free from potential exploits

Read More ›

Source Code versus Bytecode Analysis

In the world of software security, there is an ongoing battle over which category of code analysis delivers a higher level of security into the software development lifecycle (SDLC): source code versus bytecode analysis. While both bytecode analysis (BCA) and source code analysis (SCA) seem to offer organizations a high level of security when it comes

Read More ›

Static Analysis Tools: All You Need to Know

Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.

Read More ›

White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms?

When I feel ill, I take a trip to my doctor.  At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor). The Black Box approach The

Read More ›

RSA Conference 2016: AppSec Track Impressions

2 weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought-leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get the developers engaged with the security process.

Read More ›

Static Code Analysis Tools – The AppSec Checklist

You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to

Read More ›

Jump to Category