Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.
iStock_000015841805Small-200x300

DevOps & Security: Top 3 Myths Debunked

Jan 16, 2014 By Sarah Vonnegut | This post is based on our AppSec How-To Paper on Achieving Security in DevOps, which you can access here.
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it’s a process that continues to get more streamlined, faster and more efficient – and your deployments will be that much better if they’re also fully secure before release time comes.

Read More »
iStock_000019605693XSmall1

Malware Alert: Flashback Trojan Still Alive And Kicking

Jan 16, 2014 By Sharon Solomon | Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was serious dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that the Flashback is still active.

Read More »
iStock_000006062959Small-200x300

SMBs: ‘Too Small To Be A Target’ Thinking Won’t Cut It Anymore

Jan 14, 2014 By Sarah Vonnegut | With big name brands like Target and Neiman Marcus getting hit left and right these days, it would be easy to make the assumption that hackers are mostly interested in hacking the big guys, especially with further breached retailers soon to be named. It simply is not the case. Small and medium sized businesses still pose plenty of advantages to hackers.

Read More »
iStock_000019354781XSmall

Cryptolocker – Nasty Ransomware Wrecking Havoc Worldwide

Jan 13, 2014 By Sharon Solomon | If you own a PC running Windows, you are vulnerable to Cryptolocker. This Trojan entered the spotlight in late 2013 and is not showing any signs of slowing down. It’s very important to understand and be aware of this fast-spreading ransomware, which has already earned its operators lots of money. The dreaded Trojan initially spread only via emails. Users were sent malicious emails with downloadable files or misleading links. The exploited computer’s data files were then locked until a ransom was paid for the decryption. The news keeps getting worse. Cryptolocker is now capable of contaminating computers with removable USB drives and pirate software activators. Windows users should refrain from using unknown USB drives and must install only official software.

Read More »
iStock_000019829938Small-300x199

This Week in AppSec News: January 6-12th, 2014

Jan 12, 2014 By Sarah Vonnegut | Between more big-name breaches, iOS mobile banking apps found insecure, Microsoft getting hacked by the SEA (again), and Yahoo’s HTTPS service being deemed ‘too little, too late’, the security industry hasn’t had the best beginning to 2014. Will the Personal Data Privacy and Security Act save the year? Senator Patrick Leahy thinks so. Here’s a look at the past week’s top AppSec stories:

Read More »
A-Black-Friday-Breach-Nightmare-2-300x300

Target Breach Update: Up to One-Third of US Adults Now At Risk

Jan 11, 2014 By Sarah Vonnegut | The Target breach is nowhere near over. During their forensic investigation, Target has now found that at least 70 million customers, much higher than the original 40 million estimate, were affected. The new estimate may be a separate cache from the original number, and this data including a mix of mailing addresses, names, numbers and emails, so when all is said and done, personal info of up to 110 million customers, a third of American adults, could have been taken.

Read More »

Start Your Weekend Early With Seriously, AppSec?!

Jan 02, 2014 By Sarah Vonnegut | In case you missed it last week, start 2014 off with a laugh, courtesy of our new Tumblr, Seriously, AppSec?! We’ll be adding new ones all the time, so check back for fresh AppSec reactions.
A few reader favorites:
 

Read More »

And The Winner of AppSecTip 2014 is….

Jan 01, 2014 By Sarah Vonnegut | Our #AppSecTip survey was a smashing success, thanks to the many amazing security pros who added their best pieces of AppSec advice! After two months of voting and some very close calls, we have finally arrived at the big announcement. So who takes the awesome AR Drone prize home?
Drum roll, please……

Read More »
iStock_000031268478Small-300x156

Virtual Reality, Meet Hard Reality: The World of Warcraft Crackdown & What It Could Mean For Cybercrime in China

Dec 31, 2013 By Sarah Vonnegut | Last week in the Zhejiang province of China, 10 men were sentenced to prison terms of up to two years for accessing over 11,500 World of Warcraft accounts. The men didn’t hack into the accounts, but instead bought the login details for the accounts on the black market, then sold each player’s gear and accumulated gold to other gamers within the game.

Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.

SUBSCRIBE