SBOM and the Bill that is Coming
Checkmarx Blog
by John Allison
3d ago
No one likes paying bills, or at least I don’t. What is absolutely worse, however, is finding yourself with an unexpected bill that is coming due. For software developers, there is a big bill coming due in the form of a Software Bill of Materials (SBOM). While there has been some debate over whether governments, including the US, would formally mandate SBOMs or let industry self-regulate, this debate is now over. Governments around the world are exploring how to mandate SBOMs for software either sold to the government or sold in a specific market. This post is going to focus on the upcoming bill due to…
Building #DevSecTrust with JetBrains and Checkmarx
Checkmarx Blog
by Michael Smythe
6d ago
In the world of application development, success relies on developers being able to use their preferred tools to deliver innovative, secure products. Getting the developer experience right is a mission that unites Checkmarx and JetBrains, a global software vendor that creates professional software development tools and advanced collaboration solutions. See this in action by watching our latest joint webinar. We are pleased to announce that we are building on our long-standing partnership and earlier integrations with JetBrains’ flagship, IntelliJ IDEA. This will deliver the full power o…
Checkmarx and OWASP Launch First-ever Global Codebashing Learning Initiative
Checkmarx Blog
by alexodin
1w ago
OWASP chapters and members gain Codebashing access to boost adoption of application security and compliance standards while building trust between security and development teams
PARAMUS, N.J. – APRIL 18, 2024 – Checkmarx, the leader in cloud-native application security, today announced the Codebashing AppSec Training Initiative in partnership with the Open Worldwide Application Security Project (OWASP). The program will provide OWASP chapters and their members around the world with access to the Codebashing AppSec solution to ease the adoption of application security (AppSec) and compli…
The Global Codebashing AppSec Training Initiative by Checkmarx and OWASP
Checkmarx Blog
by Guy Rotem
1w ago
Professionals in any field need to train. The more training you do, the better you get. This holds for any profession, and application security (AppSec) is no exception. This is why Checkmarx and OWASP are thrilled to announce the Global Codebashing AppSec Training Initiative, which will provide all OWASP members around the world with access to Codebashing, Checkmarx’s AppSec training platform. The importance of AppSec is very well recognized in the software and security worlds. Organizations from all verticals must secure their software applications and need to start from t…
SDLC: The Ultimate Guide to Software Development Lifecycle
Checkmarx Blog
by Editor
1w ago
Article contents: What is the Software Development Lifecycle?; SDLC processes; The importance of the SDLC; The role of security in the software lifecycle; SDLC best practices; How Checkmarx can help with your SDLC needs.
The Software Development Lifecycle (SDLC) lays the foundation for a modern approach to creating software. For that reason, building efficiency, scalability, reliability, and security into the SDLC is critical for any team that wants to build great applications. This…
What you should know: HTTP/2 CONTINUATION Flood Vulnerability
Checkmarx Blog
by Mario Teixeira
2w ago
A new class of vulnerabilities in specific implementations of the HTTP/2 protocol, dubbed “HTTP/2 CONTINUATION Flood,” has been discovered, causing concern across the Internet. Various affected products have already been identified and assigned CVEs, with more expected to be disclosed in the future. This vulnerability is potentially even more severe than the previous HTTP/2 Rapid Reset issue.
Key points:
A new class of vulnerabilities: “HTTP/2 CONTINUATION Flood” has been discovered in various implementations of the HTTP/2 protocol.
The vulnerability can lead to Denial of Se…
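The excerpt is cut off before the mechanism, but the mechanism itself is public: a client opens a header block with a HEADERS frame that lacks the END_HEADERS flag and then sends CONTINUATION frames indefinitely; an implementation that buffers or decodes the fragments without a running size check exhausts memory or CPU before the block is ever complete. The following is an added example by the editor, not code from the Checkmarx post or from any affected product. It is a minimal HTTP/2 frame reader in Python (standard library only) that reassembles header blocks and enforces a cap on every fragment rather than on the finished block, together with constructed frames for a benign request and for a flood. The 16 KiB cap, the payloads and the function names are assumptions for the demonstration, and the frames are assumed to carry no PADDED or PRIORITY fields.

```python
import struct

FRAME_HEADER_LEN = 9
TYPE_DATA = 0x0
TYPE_HEADERS = 0x1
TYPE_CONTINUATION = 0x9
FLAG_END_HEADERS = 0x4

# Assumed cap for this example. A real server derives it from its configured
# maximum header list size; the point is that it is checked per fragment.
MAX_HEADER_BLOCK = 16 * 1024


def build_frame(ftype, flags, stream_id, payload):
    """Serialize one HTTP/2 frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    length = struct.pack("!I", len(payload))[1:]            # low 3 bytes of the length
    return length + bytes([ftype, flags]) + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for every complete frame in data."""
    pos = 0
    while pos + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = struct.unpack("!I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        body = pos + FRAME_HEADER_LEN
        if body + length > len(data):
            break                                            # partial frame, need more bytes
        yield ftype, flags, stream_id, data[body:body + length]
        pos = body + length


class HeaderBlockTooLarge(Exception):
    pass


def assemble_header_blocks(data, limit=MAX_HEADER_BLOCK):
    """Reassemble header blocks from HEADERS + CONTINUATION frames under a hard cap.

    The cap is applied to every fragment, before END_HEADERS arrives; a receiver
    that only checks the finished block can be fed fragments forever. Payloads
    are assumed to be pure header block fragments (no PADDED/PRIORITY fields).
    Returns {stream_id: header_block_bytes} for the blocks that completed.
    """
    pending = None                      # stream whose header block is still open
    buf = bytearray()
    complete = {}
    for ftype, flags, stream_id, payload in iter_frames(data):
        if pending is not None:
            # RFC 9113 s6.10: only CONTINUATION frames for the same stream may follow.
            if ftype != TYPE_CONTINUATION or stream_id != pending:
                raise ValueError("PROTOCOL_ERROR: expected CONTINUATION for stream %d" % pending)
        elif ftype == TYPE_HEADERS:
            pending, buf = stream_id, bytearray()
        elif ftype == TYPE_CONTINUATION:
            raise ValueError("PROTOCOL_ERROR: CONTINUATION without HEADERS")
        else:
            continue                    # unrelated frame type, not part of a header block
        buf.extend(payload)
        if len(buf) > limit:
            raise HeaderBlockTooLarge("stream %d: %d header bytes > %d" % (pending, len(buf), limit))
        if flags & FLAG_END_HEADERS:
            complete[pending] = bytes(buf)
            pending = None
    return complete


def check_connection(data, limit=MAX_HEADER_BLOCK):
    """Decision a guarded server would make: ('ok', completed_blocks) or ('reject', reason)."""
    try:
        return "ok", len(assemble_header_blocks(data, limit))
    except HeaderBlockTooLarge:
        return "reject", "header block too large"
    except ValueError:
        return "reject", "protocol error"


# Constructed traffic for the demonstration (not a capture).
def benign_request():
    """One HEADERS frame with a two-byte HPACK block (indexed :method GET, :scheme http), END_HEADERS set."""
    return build_frame(TYPE_HEADERS, FLAG_END_HEADERS, 1, b"\x82\x86")


def continuation_flood(n_frames, chunk=1024):
    """HEADERS without END_HEADERS, then n CONTINUATION frames that never end the block."""
    data = build_frame(TYPE_HEADERS, 0, 1, b"\x82")
    for _ in range(n_frames):
        data += build_frame(TYPE_CONTINUATION, 0, 1, b"\x00" * chunk)
    return data


if __name__ == "__main__":
    print(check_connection(benign_request()))           # ('ok', 1)
    print(check_connection(continuation_flood(1000)))   # ('reject', 'header block too large')
```

The flood is rejected after the seventeenth CONTINUATION frame, long before the 1 MB of fragments is buffered; a reader without the per-fragment check would accept all of it and still be waiting for END_HEADERS. The same loop also enforces the rule that nothing but CONTINUATION for the open stream may appear while a header block is open, which is the other place vulnerable parsers have gone wrong.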
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
Checkmarx Blog
by Yehuda Gelb
2w ago
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality and using meticulously crafted repositories to distribute malware.
Key points:
GitHub search manipulation: attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.
Malicious code is often hidden within Visual Studio project files (.csproj or .vcxproj) to evade detection, automatically executing when the project is built.
The attacker had set the stage to modify the pa…
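The build-time execution the post describes comes from ordinary MSBuild features: an Exec task inside a Target, a PreBuildEvent/PostBuildEvent property, or a UsingTask declaration that loads code, any of which runs when the project is opened and built. Below is an added example by the editor, not code from the Checkmarx post or from the campaign's repositories: a Python scanner that parses .csproj/.vcxproj XML, handles both SDK-style files and the legacy MSBuild namespace, and reports every construct that would execute a command at build time so a reviewer can inspect it before building. The sample project files are constructed for the demonstration and the paths in them are placeholders.

```python
import os
import xml.etree.ElementTree as ET

# MSBuild constructs that run a command or load code when the project is built.
EXEC_TASKS = {"Exec"}
EVENT_PROPERTIES = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
TASK_DECLARATIONS = {"UsingTask"}


def _local(tag):
    """Strip the MSBuild XML namespace that legacy .csproj/.vcxproj files carry."""
    return tag.rsplit("}", 1)[-1]


def scan_project_xml(xml_text):
    """Return (kind, where, command) for every build-time execution hook in a project file."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            name = _local(child.tag)
            if name in EXEC_TASKS:
                where = parent.get("Name") or _local(parent.tag)        # enclosing <Target Name=...>
                findings.append(("Exec task", where, (child.get("Command") or "").strip()))
            elif name in EVENT_PROPERTIES:
                # .csproj puts the command in the element text; .vcxproj nests a <Command> element.
                cmd = (child.text or "").strip()
                for sub in child:
                    if _local(sub.tag) == "Command":
                        cmd = (sub.text or "").strip()
                if cmd:
                    findings.append(("Build event", name, cmd))
            elif name in TASK_DECLARATIONS:
                src = child.get("AssemblyFile") or child.get("TaskFactory") or ""
                findings.append(("UsingTask", child.get("TaskName", "?"), src))
    return findings


def scan_tree(root_dir):
    """Walk a checkout and scan every project file (and the .props/.targets files they import)."""
    report = {}
    for dirpath, _, files in os.walk(root_dir):
        for f in files:
            if f.endswith((".csproj", ".vcxproj", ".props", ".targets")):
                path = os.path.join(dirpath, f)
                with open(path, encoding="utf-8-sig") as fh:
                    report[path] = scan_project_xml(fh.read())
    return report


# Constructed samples for the demonstration (not files from the campaign).
SUSPICIOUS_CSPROJ = r"""<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
  <Target Name="PreBuild" BeforeTargets="PreBuildEvent">
    <Exec Command="powershell -WindowStyle Hidden -File &quot;$(ProjectDir)tools\setup.ps1&quot;" />
  </Target>
</Project>"""

SUSPICIOUS_VCXPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>cmd /c "%TEMP%\helper.bat"</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
</Project>"""

CLEAN_CSPROJ = r"""<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
</Project>"""


if __name__ == "__main__":
    for label, text in [("csproj", SUSPICIOUS_CSPROJ), ("vcxproj", SUSPICIOUS_VCXPROJ), ("clean", CLEAN_CSPROJ)]:
        for kind, where, cmd in scan_project_xml(text):
            print("%-8s %-12s %-14s %s" % (label, kind, where, cmd))
```

Run `scan_tree(".")` on a freshly cloned repository before opening it in the IDE; a project that needs no build events will produce no findings, and anything that does appear deserves to be read, since "the project built fine" is exactly the outcome the attacker wants.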
What is SQL Injection, Examples and How to Prevent It
Checkmarx Blog
by Checkmarx Admin
2w ago
SQL Injection: Everything You Need to Know
Accepting input from users is a core requirement for many applications. But what if threat actors lurk among your users and inject malicious commands into your app? In that case, your app has suffered a SQL injection attack. Depending on how it responds, attackers may be able to use SQL injection to steal sensitive information, destroy important data, and potentially even take control of the application and the system that hosts it. Fortunately, there are steps that developers and security teams can take to protect against SQL injection. This article…
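To make the teaser concrete, here is an added example by the editor, not code from the Checkmarx article. It uses Python's standard-library sqlite3 module with a constructed in-memory users table, shows a lookup that concatenates user input into the SQL text next to the same lookup with a bound parameter, and runs a tautology and a UNION payload against both. It also covers the case parameters cannot fix, a user-chosen ORDER BY column, where an allow-list is the only safe option. Table layout, rows and function names are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alice", "sha256$c0ffee", 1), ("bob", "sha256$deadbeef", 0)],
    )
    return conn


def find_user_vulnerable(conn, username):
    """VULNERABLE: the input is pasted into the SQL text, so a quote in it rewrites the query."""
    sql = "SELECT username, is_admin FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """FIXED: the value travels as a bound parameter and can never become SQL syntax."""
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


# Identifiers (column names, ORDER BY targets) cannot be bound as parameters,
# so user-selected ones must be checked against an allow-list instead.
SORTABLE_COLUMNS = {"username", "id"}


def list_users_sorted(conn, column):
    if column not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    return conn.execute("SELECT username FROM users ORDER BY %s" % column).fetchall()


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"
    union = "x' UNION SELECT password_hash, id FROM users --"
    print(find_user_vulnerable(conn, tautology))   # both users: WHERE became always-true
    print(find_user_vulnerable(conn, union))       # password hashes leaked through UNION
    print(find_user_safe(conn, tautology))         # []: no user is literally named that
```

The tautology turns the predicate into `username = '' OR '1'='1'` and returns every row; the UNION payload appends a second SELECT that pulls the hash column through the two result columns the application already displays. The parameterized version returns nothing for either payload because the driver sends the string as a value, not as part of the statement, which is the whole of the fix for data. Note that sqlite3 refuses stacked statements in `execute()`, so a `'; DROP TABLE users --` payload fails here for an incidental reason; other drivers and databases do execute stacked queries, so do not count on that.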
Everything You Need to Know about Enterprise Application Security
Checkmarx Blog
by Jonathan Singer
3w ago
Any organization that develops and/or deploys software applications must have application security controls in place to protect those apps. However, enterprises face certain special types of security challenges, which is why organizations that operate at an enterprise scale require enterprise application security. This article breaks down the meaning of enterprise application security, explains what makes enterprise AppSec unique, and discusses best practices for getting the most from enterprise application security.
What is enterprise application security?
Enterprise application security is…
Checkmarx One Total Economic Impact Study Finds Return on Investment of 177% in Fewer Than Six Months and Gain of $7.13M in Benefits Over Three Years
Checkmarx Blog
by alexodin
3w ago
New independent study of a global, $10 billion composite organization with 1,000 developers demonstrated a 177% ROI, a 40-50% improvement in developer productivity and a 35% reduction in the likelihood of a breach over three years
PARAMUS, N.J. – APRIL 4, 2024 – Checkmarx, the leader in cloud-native application security, today released a commissioned study conducted by Forrester Consulting, “The Total Economic Impact of Checkmarx: Cost Savings and Business Benefits Enabled by the Checkmarx One Platform,” March 2024. The analysis was based on Forrester interviews with eight Checkmarx customers in th…