Checkmarx Blog

Application Security, Made Easy

4 days ago
Introducing Checkmarx API Security

Today, Checkmarx announces the launch of Checkmarx API Security. For us, this is one of the most exciting product launches of the year, because it addresses such a real and large pain point for...

Read Now
5 days ago
Understanding the Top API Security Risks

When developers and IT engineers think about IT security, they tend to break it down into several niches. There’s AppSec, which focuses on securing applications. There’s infosec, which deals with...

Read Now
8 days ago
Banking on the Cloud: Navigating the Transition to AWS Cloud-Native Application Development in Financial Services

As the saying goes, money makes the world go round, and today’s turbulent economic environment demands a stable and secure financial system. People must be confident that they can access their...

Read Now
10 days ago
Large Scale Campaign Created Fake GitHub Projects Clones with Fake Commit Added Malware

Today, as it was revealed by Stephen Lacy in his tweet, he shared his findings of a large-scale campaign targeting random GitHub repositories with project clones containing credential stealing...

Read Now
11 days ago
A Practical Example of the Power of Checkmarx Fusion

Application Security (AppSec) personnel have a tough job these days trying to secure their applications. Many organizations take a fragmented approach to AppSec and scan engines; they may use...

Read Now
12 days ago
When It Comes to Cloud, Location Matters

Checkmarx One™ Cloud-Based Application Security Platform Is Expanding its Footprint The average layperson likely envisions “the cloud” as being some anomalous, effervescent thing that has no...

Read Now
13 days ago
Why Great Code is Secure Code

Today, open source software is the fuel powering modern application development, allowing developers to innovative fast. With ready-made components, open source enables developers to...

Read Now
17 days ago
What Are the Challenges with Securing APIs?

When you expose API services to the public internet, you are responsible not only for their reliable operation, but also for their security. Sufficiently securing and protecting a public API is...

Read Now
24 days ago
Powering Developer Productivity and Reducing AppSec Risk: Checkmarx and Seemplicity Team Up to Give Security Teams an Edge

Reducing software risk and boosting developer and AppSec team productivity are central to our mission here at Checkmarx. We’ve designed the Checkmarx One™ Application Security Platform to be the...

Read Now
25 days ago
What Is Your API Attack Surface?

The proliferation of APIs today is astonishing. According to a recent report, the number of active APIs will approach 1.7 billion by 2030. You might expect that the majority of those APIs would...

Read Now
27 days ago
Investing in AppSec: 7 Considerations for CISO and AppSec Managers

Starting an AppSec program of work is no small feat, be that at a small or large corporation. This journey requires a lot of planning, dedication and of course, sweat. Before you even get...

Read Now
30 days ago
Unverified Commits: Are You Unknowingly Trusting Attackers’ Code?

An alarming software supply chain attack technique allows threat actors to trick developers into using potentially malicious code. By leveraging the ability to spoof and forge commits’ metadata...

Read Now
about 1 month ago
APIs Are Great – But Only If You Manage API Sprawl and Security Risks

If you had to find an analogy for the explosive growth of APIs over the past decade, you might choose to compare them to cell phones. Like cell phones, APIs were once considered a niche...

Read Now
about 1 month ago
JetBrains Leverages Checkmarx to Power Bundled Dependency Checker

IntellliJ IDEA v. 2022.1 and later bundle the free security plugin that identifies vulnerable packagesBoth declared and transitive packages are identifiedBeyond highlighting vulnerable packages,...

Read Now
about 1 month ago
Introducing Checkmarx New Documentation Experience

The idea was certainly in the air, irresistible and palpable. It was brewing slowly and at some point, could be felt distinctly and unavoidably – Checkmarx sorely needs a new documentation portal...

Read Now
about 1 month ago
“CuteBoi” Detected Preparing a Large-Scale Crypto Mining Campaign on NPM Users

Over a thousand packages and users were created on NPM using an automated process in the past few days. Is it a phase one of an upcoming attack? Checkmarx SCS team detected over 1200 npm packages...

Read Now
about 1 month ago
Considerations and Steps for Adopting Managed AppSec Security Tests

To outsource or not to outsource: that is the question. At least, that’s one question you may be asking yourself if you’re trying to decide how to optimize your business’s approach to application...

Read Now
about 1 month ago
Open Source Software Supply Chain Risks and Attack Vectors: How Checkmarx Can Help

A good developer is an efficient developer and part of being an efficient developer is not re-inventing the wheel for every project or solution. As a result, many of us leverage the benefits of...

Read Now
about 2 months ago
Amazon Confirmed and Fixed a High Severity Vulnerability of Broken Authentication in Amazon Photos Android App

Our research team at Checkmarx found that the Amazon Photos Android app could have allowed a malicious application, installed on the user’s phone, to steal their Amazon access token. The Android...

Read Now
about 2 months ago
Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation

2 security issues found on spring function cloud. The Spring Framework application provides a flexible and comprehensive method for programming and configuring Java-based enterprise applications....

Read Now
Loading More...