Posts by Amit Ashbel:


Do Hackers Use Source Code Analysis?

Apr 27, 2016 By Amit Ashbel | Your source code – along with secure application code practices – is your edge over hackers.
A couple of months back, part of the Checkmarx team, myself included, attended a security conference in India where we presented our solutions and provided demos for attendees who wanted to see how the solution enables detecting and mitigating vulnerabilities in code.

White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms?

Mar 28, 2016 By Amit Ashbel | When I feel ill, I take a trip to my doctor. At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor).
The Black Box approach
The doctor’s initial prognosis for a regularly healthy person is usually based on visible symptoms and information reported by the patient. A runny nose could indicate a simple cold. However, it can also indicate the flu, allergies, sinusitis, deviated septum and sometimes, it could even indicate pregnancy. If symptoms don’t persist or increase in severity, the doctor will maintain their prognosis and assign a standard treatment.

RSA Conference 2016: AppSec Track Impressions

Mar 13, 2016 By Amit Ashbel | Two weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get developers engaged with the security process: buy them in, get their participation and educate them. I couldn’t help thinking to myself how all of these things have been on Maty’s and Checkmarx’s agenda for over 10 years.

What You Need to Know – Instagram Hacked

Dec 20, 2015 By Amit Ashbel | What was stolen? An independent security researcher was able to hack Instagram servers and gain access to basically all of Instagram’s secret material. Wesley Weinberg was able to put his hands on everything from Instagram’s source code through credentials to email servers, SSL certificates and personal data of employees and users. As part of Facebook’s bounty program, Weinberg started analyzing the Instagram systems, and quickly realized he had stumbled on something big.

What you need to know – Anonymous strikes the European Space Agency

Dec 14, 2015 By Amit Ashbel | Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers, fax numbers and, in many of the cases, clear-text passwords have also been exposed. Overall, more than 8,000 subscribers’ data has been exposed.

What you need to know – Vtech hacked, but why??

Nov 30, 2015 By Amit Ashbel | What was stolen?
On November 24th, VTech Holdings detected unauthorized access to customer data housed on their Learning Lodge app store database. The breach occurred on November the 14th – 10 days before it was even detected.

The State of Mobile App Security

Nov 05, 2015 By Amit Ashbel | The mobile application industry is growing at an explosive pace, yet the security of mobile applications is lagging behind. Incidents of mobile application hacking have increased exponentially as attackers and attacks have evolved, using both new and well-known methods of attack to infiltrate apps and collect as much data as possible. The impact on businesses and end-users is growing exponentially. With more than 1.5 million apps available in the two main app stores, Apple and Android, and hundreds of billions of downloads to date, the mobile landscape has quickly become the main playground for hackers and attackers.

What you need to know about Stagefright?

Jul 29, 2015 By Amit Ashbel | Let’s start with a temporary workaround to avoid becoming infected:
- Open the Hangouts app
- Click the hamburger menu and select “Settings”
- Select SMS
- Select Hangouts as your default SMS app
- Uncheck ‘Auto-retrieve MMS’
Now that we got that out of the way, we can start talking about the Stagefright vulnerability itself.
What is Stagefright?
Stagefright is a new vulnerability which was found, reported and announced by Zimperium, an Israeli enterprise mobile security company. The vulnerability can infect a device by simply downloading an MMS message (which happens automatically in most cases). Once the device is infected, the attacker has full control over the phone’s data.

What you need to know – Ashley Madison’s affair with cyber security

Jul 21, 2015 By Amit Ashbel | 37 million users have had their most sensitive details harvested in the latest Ashley Madison hack. A team named the “Impact Team” claimed responsibility for the attack; however, there is no clear knowledge yet as to how the attack was performed. Some of the data was immediately published online by the hackers; however, ALM (the Toronto-based company which owns the website, amongst other websites of a similar nature) was able to take down the links/websites pointing to the stolen data.