What’s Hot in Application Security Vol #11

May 09, 2012 By Administrator

Is fear in the Cloud misplaced?

Who’s afraid of the big bad cloud? Everyone, apparently: corporations, public companies, the list is endless. Cloud security has become synonymous with problems. When we consider cloud security we think about application security and guarding sensitive data, and the question has been on the minds of IT directors for years as they ponder how to migrate data out of the corporate data center and into the cloud.

Many consider cloud security so poor that the cloud doesn’t even bear thinking about as a place to store an organization’s sensitive data, yet cloud storage has real benefits. Economically, you can’t deny that it is far lighter on the corporate pocket than on-site storage, which costs the organization thousands in cooling, power, management and so on.

European Space Agency left Red Faced after SQL Injection

A well-publicized attack by a hacking group has left the European Space Agency red-faced and well aware of its lack of web application security. The agency holds massive amounts of highly sensitive data, so why on earth was a politically motivated hacking group able to use one of the best-known and most widely exploited vulnerabilities out there to get in? Luckily the group was only able to get its hands on some usernames and passwords, and didn’t manage to launch a satellite into space. A spokesperson for the European Space Agency said:

“The group used SQL injection… The use of SQL injection is an admitted vulnerability,” said Zatti. “This needs to be addressed at a coding level.”

This is obviously true, and it does need to be addressed at the coding level. The European Space Agency needs to take some drastic measures and start treating code review and code analysis as a security activity, not only a QA one: looking for vulnerabilities such as queries assembled from untrusted input, not just functional defects.
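As an added example (not code from the original post or from the European Space Agency), here is the defect class the spokesperson is describing beside its coding-level fix: a login check that splices user input into a SQL statement, next to the same check using bound parameters. It runs against an in-memory SQLite database with a constructed user table; the user name, password and attack payload are made up for the demonstration.

```python
"""Added example, not from the original post: string-concatenated SQL
beside the parameterized form that fixes it at the coding level.
All data below (user, password, payload) is constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one ordinary user with a known password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The defect: attacker-controlled text is spliced into the statement,
    so a quote in the input changes the structure of the query itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: the statement is fixed text and the inputs travel as bound
    parameters, so they can only ever be compared as data, never parsed."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both versions against a legitimate login, a tautology payload for a
    user that does not exist, and a legitimate password containing a quote."""
    conn = make_db()
    payload = "' OR '1'='1"  # classic tautology: ... AND password = '' OR '1'='1'
    quoted_pw = "it's"       # harmless input that the concatenated query cannot handle

    try:
        login_vulnerable(conn, "alice", quoted_pw)
        vuln_quote_error = False
    except sqlite3.OperationalError:
        # the stray quote turns a legitimate password into a syntax error
        vuln_quote_error = True

    return {
        "vuln_good": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_attack": login_vulnerable(conn, "nobody", payload),
        "vuln_quote_error": vuln_quote_error,
        "param_good": login_parameterized(conn, "alice", "correct horse"),
        "param_attack": login_parameterized(conn, "nobody", payload),
        "param_quote": login_parameterized(conn, "alice", quoted_pw),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the concatenated query accepting the tautology payload for a user that does not exist, while the parameterized query rejects it because the payload is only ever compared as a password string. The quote test shows the same defect from the other side: the concatenated query breaks on ordinary input containing an apostrophe. This is exactly the pattern a code analysis pass should flag: a statement built by string operations over untrusted input reaching an execute call.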



Hackers hold European Credit Card Company’s Customer Data for Ransom!

It has shades of a Hollywood movie, but it’s real life. A hacking group recently succeeded in obtaining hundreds of thousands of customers’ details and, instead of using them, threatened to release them to cyber criminals (hmmm... as if they weren’t cyber criminals themselves) unless their monetary demands were met. The deadline for the ransom came and went and no money changed hands. The cynical group said it was all too easy to obtain the customers’ details, and even laughed that the data wasn’t encrypted.
“While this could be called ‘blackmail’, we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a web server,” said the group in its Pastebin entry.
The particular details of the case are beside the point; the outcome for the company is painful, and this isn’t the type of place you’d trust to protect your identity or financial credentials.

BYOD Growth Creates New Opportunities

The BYOD trend has grown out of control because of the satisfaction and productivity it gives employees. It’s practically impossible to prevent employees from bringing their own devices any more; therefore we must focus on protecting the data and applications on those devices.

Instead of having each organization devote its precious time to figuring out how to secure these devices, we need professionals who can effectively manage these complex IT security requirements.


Is Security Gaining More Respect?

According to a survey of 138 senior business and IT executives, approximately 20% of whom oversaw security for businesses with more than 10,000 employees, senior executives are paying much more attention to information security and to the CISO role:
60% of advanced organizations said security is a regular day-to-day topic.
68% already have a security team in place.
Over 70% expect to significantly increase their software security budget within the next couple of years.
It’s about time organizations devoted more resources and time to securing software before a disaster, rather than after one.


Adobe Patches New Flash Player Vulnerability

Attackers have been exploiting a vulnerability in Adobe’s Flash Player. The attacks target the ActiveX version of the plugin used by Microsoft Internet Explorer, and are designed to trick you into opening a malicious file sent to your inbox.
According to Adobe, these are targeted attacks aimed at specific individuals and organizations.
The fix is to install the updated version, which also brings Adobe’s “silent, background update mechanism” for delivering patches.


Sign up today & never miss an update from the Checkmarx blog