AST Platform Demo
Watch Now
Release Secure Code Faster
-
-
Partnering in a World of Secure Code: Mark Osmond discusses the innovative Checkmarx approach on CRNTV
The software world will always need devoted security innovators, and Checkmarx is fostering global partnerships to better meet the industry’s needs.
Read Now
-
The Case for Outsourcing AppSec Testing to a Managed Service Provider
Businesses commonly turn to managed service providers to help handle IT processes like data backup and recovery, network management, and mobility management. Here’s another key type of managed...
Read Now
-
IDC Offers Commentary on Checkmarx Open Source Supply Chain Security Solution
Modern application development must address supply chain security risksSoftware Composition Analysis (SCA) tools are part of, but not the complete solutionVulnerable and malicious are two very...
Read Now
-
Static Analysis of Infrastructure as Code with Codefresh and Checkmarx
Infrastructure as Code (IaC) is the description of infrastructure (clusters, virtual machines, networking, storage, etc.) with a declarative model and its subsequent management using the same...
Read Now
-
5 Keys to Success from Checkmarx’s CRN Women of the Channel
Today CRN®, a brand of The Channel Company, announced its highly respected annual Women of the Channel list and I always look forward to seeing all of the amazing leaders who are featured each...
Read Now
-
Understanding the Development Best Practices Landscape for Modern Secure Application Development
Modern Application Development (MAD) is an approach to developing software applications using cloud-native technologies. The main idea is to leverage newer emerging tools like K8s to bootstrap...
Read Now
-
2021 Software Security in Latin America Report
Read Now
-
Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks
Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. The fact...
Read Now
-
Securing the Open Source Supply Chain
Watch Now
-
Attacker Adds Evasive Technique to Their Ongoing Attacks on NPM
Intro A few weeks ago, we wrote about a new threat actor we called RED-LILI and described their capabilities, including an in-depth walkthrough of the automated system for publishing malicious...
Read Now
-
StarJacking – Making Your New Open Source Package Popular in a Snap
Checkmarx supply chain security has recently found a malicious PyPi package with more than 70,000 downloads using a technique we dubbed StarJacking - a way to make an open source package...
Read Now
-
Checkmarx and JetBrains Make Great Apps, Secure Apps
Now developers can utilize hassle-free security whenever they need it The pace of software development is accelerating. The development team is under pressure to continuously deliver as App...
Read Now
-
Open Source Licenses – Understanding the Risk Factors
Following our recent blog post on what are open source licenses, their types, and their limitations, in this post, we will dive into the risks for being a non-compliant business, and how an...
Read Now
-
Open Source Licenses – Everything You Need to Know
What are Open Source (OS) Licenses? OS dependencies are being used very broadly among developers due to their amazing benefits.Studies show that ~85–97% of the software applications rely on OS...
Read Now
-
DevOps Security | KraLv Maga | Lugapel
Watch Now
-
All You Need to Know about Spring Framework Vulnerabilities
On March 29th, 2022, two separate RCE (Remote Code Execution) vulnerabilities related to different Spring projects were published and discussed all over the internet. In addition, a third...
Read Now
-
New Protestware Found Lurking in Highly Popular NPM Package
Does Protestware undermine the trustworthiness of OSS ecosystems? Two popular packages, “styled-components” and “es5-ext”, with millions of weekly downloads and thousands of dependent projects,...
Read Now
-
SpringShell – Remote Code Execution via Spring Web
SpringShell is a new vulnerability in Spring, the world’s most popular Java framework, which enables remote code execution (RCE) using ClassLoader access to manipulate attributes and setters....
Read Now
-
Align Different Perspectives to Implement AppSec
The ultimate goal of any organization that has decided to build a new application is to create a product which will be used to support a specific process. Every group inside an organization can...
Read Now
-
Loading More...
