Checkmarx Blog

Application Security, Made Easy

8 days ago
Fast, Secure Development in AWS with a Small Security Team

AppSec Essentials Development teams need to deliver quality software on time and within budget. Successful teams establish goals at the beginning of each project, and they communicate...

Read Article
10 days ago
A Developer’s View: What Exactly Is Modern Application Development?

What is modern application development? That may sound like an impossible question to answer. Not only is “modern” a relative and subjective term, but there are so many different approaches to...

Read Article
18 days ago
OWASP Top 10 – 2021: Checkmarx SAST is Leading the Pack Once Again

Since all software may be vulnerable to attack, lists of software risks can be found at organizations like OWASP, SANS, and others. These groups, and the lists they create, help the...

Read Article
22 days ago
Measuring up to CMMC Compliance with AppSec

Any organization with aspirations to do business with the U.S. Department of Defense will rapidly familiarize itself with the recently introduced Cybersecurity Maturity Model Certification...

Read Article
25 days ago
Why You Need an Accurate “Parts List” for Your Software

With the mass adoption of open source software in recent years, there has been an increasing tendency to include it as dependencies. This means that software systems use open source components...

Read Article
29 days ago
CVE-2021-37794: XSS to One-Click RCE in FileBrowser

According to its official documentation, “FileBrowser” is an open source file managing interface within a specified directory that can be used to upload, delete, preview, rename, and edit your...

Read Article
about 1 month ago
A Developer’s List of Key Container Security Risks

There are a variety of excellent reasons to use containers. They’re more agile and consume fewer resources than virtual machines. They provide more flexibility and security than running...

Read Article
about 1 month ago
A Developer’s Guide to Managing Open Source Risks

We’re living in an open source world. If you’re a developer today, it’s very likely that – no matter where you work or what type of applications you build – you rely at least in part on open...

Read Article
about 1 month ago
A Developer’s List of Infrastructure as Code (IaC) Risks

Infrastructure-as-Code (IaC) tools are exemplary software solutions that Developers and DevOps teams use to describe common infrastructure components like servers, VPCs, IP addresses or VMs in a...

Read Article
about 1 month ago
OWASP API Risk List: What It Does Well, and What Could Be Improved

Heeding the security advice of leading community groups – like the Open Web Application Security Project (OWASP) – is a best practice for developers. But so is original, creative thinking about...

Read Article
about 2 months ago
Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption

State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a...

Read Article
about 2 months ago
A Developer’s List of Microservices Risks

If you’re a developer today, it’s hard not to love microservices. By adding agility and resiliency to applications, microservices architectures make it easier to build high-performing apps. But a...

Read Article
about 2 months ago
Streamlined DevSecOps Requires State and Local Gov to Consolidate AST

Digitization of state and local government services has been trending globally over the last decade. Naturally, COVID-19 accelerated demand for digital government services even more, so...

Read Article
about 2 months ago
How API Use Cases Have Evolved, and What It Means for API Security

APIs are like telephones: they have been around for quite a while, yet they have changed tremendously in recent years. And if you take the same approach to managing and securing them today as you...

Read Article
2 months ago
CTparental Vulnerabilities Enabled Filter Bypassing

For those who don’t know me, I am a mother to two brilliant children who are better at the game of chess than an average kid their age, and their chess teacher advised them to find suitable chess...

Read Article
2 months ago
Checkmarx – Making Waves Once Again

In organizations that encourage the usage of modern application development techniques to expedite the development, delivery, and deployment of custom software applications, the likelihood of...

Read Article
2 months ago
Why Developers Worldwide Benefit from Secure Coding Education

Global Developers think secure coding education can save time and money while adding personal and organizational value. The impact of COVID-19 has accelerated worldwide demand for increasing the...

Read Article
2 months ago
Why Centralized Risk Management and Governance Are Key to Modernizing Legacy Applications

A Mandate from Federal Government Today, security is an absolute requirement. The Federal Government knows that security is a critical issue, so it mandated State and Local Government agencies...

Read Article
2 months ago
The Magic of GitLab’s Templates: What’s New with Checkmarx GitLab Integration

Last year at GitLab Commit, I presented our integration with GitLab to initiate Checkmarx security scans within your GitLab CI/CD pipeline. I walked through the progression of our integrations,...

Read Article
3 months ago
What’s Lurking Within: Stopping Malicious Actors in Software Supply Chains

What’s Lurking Within? Malicious Code. Supply chain attacks occur when cyberthreat actors insert malicious code into trusted software, creating a vector to further compromise data or systems. To...

Read Article
Loading More...