Tag : static code analysis

eBay XSS Vulnerability

What You Need To Know – Millions of eBay Users Exposed

Jan 14, 2016 By Sharon Solomon | Online e-commerce has become the rage. Millions of people worldwide are doing their shopping on the various online platforms. But even enormous e-commerce platforms like eBay are not immune to cybercrime, as security researcher MLT demonstrated recently. The culprit this time was Cross Site Scripting (XSS), a common application layer vulnerability that obviously was not detected/remediated during development.

</Read More>
Agile Software Development

5 Benefits of Automated Security in Agile Software Development

Jan 06, 2016 By Sharon Solomon | The IT industry is constantly evolving, with more and more organizations ditching the old Sequential Design Process (Waterfall). Agile Software Development (ASD), an iterative methodology based on collaboration between various cross-functional and self-organizing teams, is becoming the go-to tactic for many organizations across the globe. But Agile software development also requires proper security implementation for optimal results. What is the best application security strategy for this popular methodology? Lets find out.

</Read More>
Cloud Application Security

All You Wanted To Know About Cloud Security

Dec 09, 2015 By Sharon Solomon | The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud based solutions for their computing needs. While being extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and loopholes that can spell disaster if exploited maliciously.

</Read More>
SAST vs IAST

SAST vs IAST – Which AppSec Solution Is Right For You?

Aug 13, 2015 By Sharon Solomon | With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherited deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This article will take a closer look at these two security solutions and compare their functionality.  

</Read More>
Identity Theft

All You Wanted To Know About Identity Theft

Aug 05, 2015 By Sharon Solomon | With the internet revolution in full swing, web and mobile applications are extracting more and more private information from us. While this is definitely making life easier and enhancing our productivity, large databases of Personally Identifiable Information (PII) are left exposed due to lack of security awareness and/or vulnerable applications. Identity Theft has become a common occurrence in today’s cyberspace, making it important for organizations to understand the nature of the risks and eliminate them before it’s too late.

</Read More>
Static Analysis vs Pen Testing

Static Analysis vs Pen Testing – Which One Is Right For You?

Jul 28, 2015 By Sharon Solomon | Penetration (Pen) Testing has long been the go-to tool for organizations looking to safeguard their applications. But the ever-evolving hacking techniques are exposing this aging solution’s shortcomings. The growing consensus in security circles is that applications need to be bolstered from the core – the source code. This is exactly where Static Analysis enters the picture, helping detect application layer vulnerabilities and coding errors.

</Read More>
Application Security Program Leader

8 Problems Every Application Security Program Leader Has To Tackle

Jun 17, 2015 By Sharon Solomon | Despite the astounding rise in cybercrime and hacking incidents worldwide, the modern Application Security Program Leader faces numerous bumps and obstacles on a daily basis within his organization. Application security has come a long way in the last decade, but the inherited limitations of the traditional solutions are not making life easy.

</Read More>
Automated Application Security Testing

Application Security Testing – Automated Vs Manual

May 19, 2015 By Sharon Solomon | The massive rise in the number of web and mobile applications in recent years has indirectly led to an inferno of cybercrime that aims to exploit application-layer vulnerabilities. Organizations have a wide range of security products at their disposal today, but they are often unable to decide between automated and manual application security testing. This article aims at providing an in-depth comparison between the two methodologies.

</Read More>
Most Popular Posts 2014

Most Popular Stories of the Year from the Checkmarx Blog

Jan 01, 2015 By Sarah Vonnegut | With the beginning of the New Year comes lots of reflection for the past 365 days. Here at Checkmarx, we had a fantastic and busy year – and it definitely shows on the blog. If you’re looking for some good security info to sink in to or want to catch up on the stories you missed, look no further. To wrap up the year and start out 2015 on a strong note, we’re sharing our top 12 most popular stories on our blog from the past year.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.