Application Security Testing
What is fuzz testing? What is it used to test for?
Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing ...
Identify Critical Security Vulnerabilities With IAST
Vulnerabilities in production code continue to increase, including vulnerabilities in open source codebases. According to a recent report from Synopsys, the number of open source vulnerabilities increased over the past year to ...
What to Include in Your Security Testing Provider’s Agreement?
Security testing is a vital part of not just compliance but overall website/ web application security. Regardless of the type of website security testing and the service provider chosen for. The post ...
What is the ROI of Checkmarx Application Security Testing (AST)?
When it comes to IT security initiatives, many enterprises struggle to quantify business value and return on investment (ROI), often viewing their security spend solely as an insurance expense – a must-have ...
Preventing Developer Burnout in the Age of Rapid Software Delivery
“Burnout” happens across all jobs and industries, especially tech. However, developers have always been particularly at-risk of falling victim to burning out, and the COVID-19 pandemic, and the resulting digital shift driven ...
Application Security: Turbulence Often Leads to Transformation
Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and their community of contributors have expanded their Top 10 security projects to include ...
On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53
This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication ...
Integrating Checkmarx Security Results within GitLab
The automation and integration of Application Security Testing (AST) is essential for building out a true DevSecOps program. Automation is the easy part. Invoke a security scanners’ REST API or a command ...
Privilege Escalation on Meetup.com Enabled Redirection of Payments
The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
On the Road to DevSecOps: Securing the Software Driving Mobility
The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and ...
