CISA’s Ransomware Vulnerability Awareness Pilot: But Is It Enough?

In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators ...
What is the ROI of Checkmarx Application Security Testing (AST)?

When it comes to IT security initiatives, many enterprises struggle to quantify business value and return on investment (ROI), often viewing their security spend solely as an insurance expense – a must-have in today’s world of compliance regulations and inevitable cyberattacks. But by implementing the right solutions, organizations can mitigate ...
2021 Cybersecurity Predictions: Our Experts Weigh In

To say that 2020 was an unusual year would be an understatement. Business, government, healthcare, and education drastically changed with many organizations making massive digital transformations that were completely unplanned in many cases. The modifications nearly every organization had to make were primarily driven by events outside of anyone’s control ...
How Agencies Can Take Advantage of DevSecOps and Automation to Accelerate ATOs

As federal agencies develop more online services and systems to meet the mission of the U.S. government, their appetite and need to develop and deploy secure software applications rapidly continues to grow. Many agencies are embracing DevSecOps and cloud services as a way to release these applications quickly; however, the ...
Erez Yalon: A Security Leader in the API Economy

The proliferation of software applications is accelerating due to the use of APIs, which have become the technological vascular system (so to speak) of nearly every application and online service. From mobile apps to backend servers, and from one online service to another, huge amounts of users’ interactions and data ...
Remarkable University Study About Real-World Cybersecurity Training

Today’s cybersecurity and software development students spend years in the classroom honing their skills for gainful employment once they graduate. They’re being equipped with deep knowledge of application vulnerabilities, real-world attack scenarios, and extensive software development expertise that includes secure coding practices. The many students the universities are educating today ...
Application Security: Turbulence Often Leads to Transformation

Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and their community of contributors have expanded their Top 10 security projects to include Mobile Apps, APIs, IoT, Serverless, Containers, Blockchain, etc. In fact, there are a large number of OWASP Projects ...
On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations ...
You Better Get Going with Go

“I think Node (.js) is not the best system to build a massive server web. I would use Go for that. And honestly, that’s the reason why I left Node. It was the realization that: oh, actually, this is not the best server-side system ever.” (HS, 2017) This quote is ...
Welcome to Checkmarx Golang Week!

When beginning to utilize any new programming language, a frequent obstacle developers face is the sheer lack of secure coding education and training about common pitfalls and coding errors during the language-learning process. The subject of security is often neglected by many articles pertaining to a new language, or security ...