Posts by Sarah Vonnegut:


Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Jan 22, 2014 By Sarah Vonnegut | Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, they set out to manually exploit application- and network-level flaws in servers across the globe. If it sounds malicious, that’s only because it mimics the real-world vulnerability exploitation that happens every day. In fact, this specific activity is meant to be educational – and the hackers in question are actually students hacking from their universities.
This year, 123 teams from around the world simultaneously connected to UCSB’s servers from their respective countries for the iCTF ‘Capture the Flag’ competition. The theme was “Nuclear Cyberwar,” and each team had to patch and keep its own nuclear enrichment plant secure before trying to hack the other teams’ systems by seeking out and exploiting system flaws.
The competition grew organically out of Vigna’s advanced computer security classes as well as his own experience with CTFs; in fact, his team, Shellfish, won the 2005 DefCon Capture the Flag. As a professor, Vigna would hold a vulnerability analysis contest at semester’s end, where half the class would act as attackers and the other half as defenders. It soon turned into a hacking contest and then became so popular that other professors took notice. The rest is hacking history. The competition has grown from 12 students in the U.S. to 1,300 participants from 40 different countries this year.

The Hacking of the Fridge & Other AppSec Stories This Week

Jan 19, 2014 By Sarah Vonnegut | This week saw some interesting developments in the AppSec department. For starters, in what has already been widely reported to be the year of the ‘Internet of Things’, the first botnet that included internet-connected refrigerators and TVs was discovered. We also found out that the malware stealing data off of Target’s POS systems was designed by a ‘nearly 17-year-old’ in Russia – and it isn’t especially complicated. Here’s a deeper look at the top stories of the week:

DevOps & Security: Top 3 Myths Debunked

Jan 16, 2014 By Sarah Vonnegut | This post is based on our AppSec How-To Paper on Achieving Security in DevOps, which you can access here.
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it’s a process that continues to get more streamlined, faster and more efficient – and your deployments will be that much better if they’re also fully secure before release time comes.

SMBs: ‘Too Small To Be A Target’ Thinking Won’t Cut It Anymore

Jan 14, 2014 By Sarah Vonnegut | With big-name brands like Target and Neiman Marcus getting hit left and right these days, it would be easy to assume that hackers are mostly interested in hacking the big guys, especially with further breached retailers soon to be named. That simply is not the case. Small and medium-sized businesses still offer plenty of advantages to hackers.

This Week in AppSec News: January 6-12th, 2014

Jan 12, 2014 By Sarah Vonnegut | Between more big-name breaches, iOS mobile banking apps found insecure, Microsoft getting hacked by the SEA (again), and Yahoo’s HTTPS service being deemed ‘too little, too late’, the security industry hasn’t had the best beginning to 2014. Will the Personal Data Privacy and Security Act save the year? Senator Patrick Leahy thinks so. Here’s a look at the past week’s top AppSec stories:

Target Breach Update: Up to One-Third of US Adults Now At Risk

Jan 11, 2014 By Sarah Vonnegut | The Target breach is nowhere near over. During its forensic investigation, Target has now found that at least 70 million customers, far more than the original 40 million estimate, were affected. The new estimate may be a separate cache from the original number, and this data includes a mix of mailing addresses, names, phone numbers and emails, so when all is said and done, the personal info of up to 110 million customers, a third of American adults, could have been taken.

6 Stories To Know This Week: Weekly AppSec Digest

Jan 07, 2014 By Sarah Vonnegut | This past week in AppSec we’ve seen more of the same with some new twists: Snapchat, perhaps unsurprisingly, got hacked after neglecting vital vulnerabilities, Cryptolocker has spawned a new demon, the Syrian Electronic Army went after Skype, and the NSA is (also unsurprisingly) trying to build a quantum computer that could decrypt anything.
Take a few minutes to catch up on all you may have missed during those New Year’s hangovers!

Start Your Weekend Early With Seriously, AppSec?!

Jan 02, 2014 By Sarah Vonnegut | In case you missed it last week, start 2014 off with a laugh, courtesy of our new Tumblr, Seriously, AppSec?! We’ll be adding new ones all the time, so check back for fresh AppSec reactions.
A few reader favorites:

And The Winner of AppSecTip 2014 is….

Jan 01, 2014 By Sarah Vonnegut | Our #AppSecTip survey was a smashing success, thanks to the many amazing security pros who added their best pieces of AppSec advice! After two months of voting and some very close calls, we have finally arrived at the big announcement. So who takes the awesome AR Drone prize home?
Drum roll, please……
