Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

No Kidding. 5-Year-Old Hacks Dad’s Xbox

Apr 08, 2014 By Sharon Solomon | Hackers and fraudsters are reaching new levels of effectiveness in locating security glitches. Almost any device that can connect to the internet has been proven to be vulnerable. But this time it’s a 5-year-old American kid who has exposed a glaring vulnerability in the popular Xbox Live online gaming platform.

One Vulnerability To Rule Them All: SQL Injection

Apr 07, 2014 By Sarah Vonnegut | They’re simple, highly exploitable, and when done ‘correctly’, can be deadly…or at least incredibly costly for an organization. They’ve been used in hundreds of thousands of attacks and have cost companies and organizations millions – at this point billions – in lost or stolen funds as well as other breach costs.
The nightmare exploit in question? SQL injection (SQLi) attacks. They’re one of the most common vulnerabilities found on the web; attacks are easy to carry out and can be highly valuable: one little piece of injected code and the organization’s entire database could be used to spoof identities, tamper with existing data, allow the complete disclosure – or complete deletion – of all system data, and give the hacker full administrative access to the server.
Hackers have grown more advanced over time, developing automation tools that scour the web for sites vulnerable to SQLi, while organizations have put their focus – and resources – on defending against other types of attacks, leaving hackers free to target the more easily exploited vulnerabilities.
When it comes to SQLi attacks, history has done a great job of repeating itself. In 2009, the Heartland Payment Systems breach that leaked 130 million credit card numbers was accomplished through SQL injection. The group of hackers responsible for the Heartland breach, led by Albert Gonzalez, also masterminded attacks on Dave & Busters, OfficeMax, Boston Market, Barnes & Noble, and several other businesses – all confronted by SQL injection attacks.

Mobile Sunday: New iOS 7 Vulnerability Exposed

Apr 06, 2014 By Sharon Solomon | Smartphones have become “man’s best friend” over the last few years. There is almost no daily task that doesn’t involve the use of apps and instant messaging. Unfortunately, this has also raised the number of mobile phone thefts and tampering incidents. Hacking is evolving, but “traditional” thefts and mishaps are still a big threat. Phone manufacturers are implementing tools such as lock screens and passwords to deny unwanted access to phones. The iPhone 5s even has a unique fingerprint scanner that needs to be swiped in order to unlock the phone. Apple phones also have “Find my iPhone” software, which allows the user to remotely lock the phone if it is lost in a public place or stolen. Unfortunately, a serious vulnerability has been exposed in this welcome feature.

All You Wanted to Know About Social Engineering

Apr 04, 2014 By Sharon Solomon | Social engineering is the practice of manipulating people into doing something, rather than achieving the same end through technical means. It is the art of gaining access to buildings, systems, or data by exploiting human psychology rather than technical hacking techniques. For example, a social engineer might call an employee while posing as an IT support person, trying to trick the employee into divulging a password. The goal is always to gain the trust of one or more of your employees.

Internet of Fails: Serious Vulnerability Found in Philips Smart TVs

Apr 02, 2014 By Sharon Solomon | Just a couple of decades ago, the Internet of Things (IoT) idea was restricted to sci-fi movies and novels. But the internet revolution has changed everything. Millions of new home appliances are going online on a daily basis, enabling hackers to spread malware, create botnets and harvest sensitive information worldwide.  

Checkmarx Selected As Finalist For Red Herring Top 100 Europe Awards

Apr 01, 2014 By Sarah Vonnegut | We’re excited to announce that Checkmarx has been chosen as a Finalist for Red Herring’s Top 100 Europe award, a distinctive list that honors the year’s most promising private tech companies in Europe.  
The Red Herring 100 Awards, first started in 1996, are one of the most prestigious events for start-ups across the world. Red Herring’s editorial team analyzes hundreds of cutting edge companies and technologies and selects those positioned to grow at an explosive rate.  The Top 100 companies are assessed on 20 varying criteria, including disruptiveness of the solution in its respective markets, market maturity, quality of the management, financial performance, and technological advantage, among many others.

ATMs Raided With Ploutus as Windows XP Zero Day Approaches

Mar 31, 2014 By Sharon Solomon | Windows XP will be officially discontinued on 8 April, but the legendary platform is far from extinct. 95% of the world’s ATMs are still powered by the 12-year-old operating system, opening the door to Ploutus attacks, and more and more hackers are using SMS messages to steal money. As reported in our previous Windows XP update, a worrying number of businesses and workplaces are still using the expiring platform. Surprisingly, such outdated systems and networks are not exclusive to poor countries. The biggest problems are expected in the banking industry, with thousands of ATMs still running Windows XP. Upgrading these systems to newer software is going to be a long and costly process, and cybercriminals are already exploiting this issue.

BYOD 2.0: Securing the Internet of Things in Your Organization

Mar 20, 2014 By Sarah Vonnegut | In the latest Internet of Things news this week, researchers from Cal Poly successfully designed an app for Google Glass that could take a picture every ten seconds with the display off, “uploading the images to a remote server without giving the wearer any sign that his or her vision is being practically live-streamed to a stranger,” Andy Greenberg writes. It’s scary enough to imagine that someone could be walking around, living their day-to-day lives as someone records their every action at a distance.

Bitcoin Crashing Due To Steep Rise in Cybercrime

Mar 19, 2014 By Sharon Solomon | The Bitcoin bandwagon has stalled. The value of the cryptocurrency skyrocketed in 2013, but a downward trend is being witnessed this year. Investors and traders wishing to see Bitcoin in the mainstream e-commerce scene will probably have to wait a little longer.
Besides the glaring lack of regulation and worrying price volatility, cybercriminal activity has put a huge dent in the digital currency’s credibility. The hacking techniques are not new, nor are the vulnerabilities found in the Bitcoin exchanges.
More and more Bitcoin exchanges are being exploited with the help of malware and common phishing techniques. Coinbase and Flexcoin are just two of many Bitcoin platforms that have fallen prey to hackers and fraudsters.

3 Key Benefits of Automating Your Source Code Review

Mar 18, 2014 By Sarah Vonnegut | Automation has taken the business world by storm. We automate everything, from marketing to manufacturing and everything in between, and it often pays off: greater ROI, higher productivity, fewer overworked employees. In application security, the same can be true. As web applications have become the essence of business in almost every industry, the risks have increased. While we will always need code reviewers, pen testers and security teams for areas requiring human intelligence, on the business side or otherwise, automating your source code analysis is a step towards higher security. Let’s look at the top 3 reasons why you should be automating your code review process.
