Checkmarx has now released an update that scans your application source code for Heartbleed-vulnerable library code.
By the time it was exposed, the Heartbleed vulnerability had affected almost half a million secure web servers certified by trusted authorities. The bad news is that the problem still exists: more than 2% of the Alexa top 1,000,000 websites worldwide are still susceptible to attack.
“Heartbleed is a bug in the basic implementation of open-source OpenSSL,” Checkmarx CTO Maty Siman told reporters after the bug was exposed. “Many security problems, like Heartbleed, can be traced to the original code written by programmers — in which they added features without checking the security ramifications.”
We strongly recommend instilling secure coding practices and implementing Source Code Analysis (SCA) testing during the development process to achieve a safe Software Development Life-Cycle (sSDLC).