Posts by Paul Curran:

Securing the Energy Sector against Industrial Cyber Threats

Dec 08, 2016 By Paul Curran | Late in 2015, just over a month before hackers plunged over 230,000 residents in Western Ukraine into darkness for 6 hours, Forbes forecast what they considered to be the biggest cybersecurity threat: the Energy Sector. They were right, and remain correct as the exploits and vulnerabilities of 2016 become the major challenges of 2017. Due to the prevalence of unpatched legacy systems, the high cost of proper security, and the fact that many energy providers cannot afford the downtime to update their systems, the energy vertical is becoming an increasingly attractive target for hackers.

Beware of Spear Phishing

Nov 28, 2016 By Paul Curran | For malicious parties hoping to capitalize on the frantic frenzy of online purchasing, both the prevalence of email marketing and the popularity of mobile purchasing pose significant threats. The promise of incredible deals via email marketing campaigns presents the perfect attack vector for malicious parties to prey on unsuspecting shoppers.

WordPress Security Check – Plugins Could Leave Online Shoppers and Businesses Vulnerable On Cyber Monday

Nov 22, 2016 By Paul Curran | As American shoppers gear up for the biggest shopping weekend of the year – the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday – more and more shoppers are preparing to do their purchasing online from the comfort of their homes. In order to gain a better understanding of the potential threats posed by the hundreds of thousands of websites which utilize e-commerce plugins, the Checkmarx research lab used CxSAST, Checkmarx’s static code analysis solution, to run a WordPress security check of the most used WordPress e-commerce plugins in the weeks leading up to Cyber Monday.

How a Local File Inclusion Vulnerability led to the AdultFriendFinder Hack

Nov 21, 2016 By Paul Curran | For millions of users, and former users, of websites on the Friend Finder Network, the service built to bring them closer to their fantasies is turning into a nightmare. In what Wired is calling a “privacy catastrophe,” over 400 million accounts, including deleted accounts, were breached on one of the world’s largest adult dating websites as the result of a Local File Inclusion vulnerability. AdultFriendFinder.com was acquired by Penthouse in 2007, which subsequently changed its name to Friend Finder Network. Under the Friend Finder Network exist numerous adult websites, of which AdultFriendFinder.com is the largest. Combined, these websites contain over 412 million past and present users, all affected by the latest hack. Besides AdultFriendFinder.com, the Friend Finder Network includes numerous adult-oriented “hookup” websites which include

3 Web Application Security Lessons from Recent Vulnerabilities and Exploits

Nov 13, 2016 By Paul Curran | 2016 has been a hot year for hackers and this trend shows no sign of stopping. Major hacks, and the breached data released as a result over the course of 2016, have led to millions in losses for the organizations that failed to establish proper web application security. The now-infamous Yahoo hack cast doubt on how Verizon was going to proceed with its $4.8 billion acquisition, while Iceland’s prime minister Sigmundur Davíð Gunnlaugsson resigned as part of the fallout from the Panama Papers.

Information Security Jobs, Salaries and Opportunities for Developers Willing to Upgrade

Nov 03, 2016 By Paul Curran | Developers who choose to augment their coding knowledge with secure development skills will find themselves in the most in-demand career field, as the massive growth in cyber attacks continues to force organizations, and governments, to strengthen their cyber war chests with more advanced tools, increased budgets and larger teams. Read on to learn about the information security jobs, salaries and opportunities for developers willing to upgrade their skills.

Secure Software Development Tips – Interview with Josh Feinblum

Oct 25, 2016 By Paul Curran | The fourth, and final, interview in our 2016 National Cyber Security Awareness Month series is with Josh Feinblum, the VP of Information Security at Rapid7. In this series, we have gotten tips for accelerating application security with Dan Cornell of the Denim Group, received insights about managing open source security with Rami Sass of WhiteSource and learned about the importance of security awareness training with Checkmarx’s own founder and CTO Maty Siman.

The Importance of Application Security Awareness Training – Interview with Maty Siman

Oct 18, 2016 By Paul Curran | The third in our series of 2016 National Cyber Security Awareness Month (NCSAM) interviews is with Maty Siman, founder and CTO here at Checkmarx.
Maty is passionate about secure programming and moving secure development education and awareness away from the “back seat” that security has traditionally taken for programmers. Read Maty’s advice for organizations who want to scale their security in 2017 as well as his recommendation for application security awareness training in the interview below.

7 Point Plan for Sustainable Secure Coding Practices

Oct 13, 2016 By Paul Curran | Gartner estimates that through 2020, 99% of vulnerabilities exploited will continue to be ones known to security and IT professionals for at least one year. Month after month, major organizations face major hacks and breaches which often involve security vulnerabilities that are well known to security professionals. From SQL injection to weak encryption, the astronomical costs associated with exploits which can, and should, be remediated prior to production should make organizations constantly reconsider, revisit and revise their software development lifecycle and strive towards creating a secure software development lifecycle (sSDLC). Read these tips for sustainable and secure coding practices and be sure to add your own in the comment section below!
