Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Balloon Pop 2 Taken Off Android Play Store – WhatsApp Snooping Exposed

Dec 13, 2013 By Sharon Solomon | Mobile malware has come a long way in recent years. The latest exploit was exposed this week when the popular “Balloon Pop 2”, played and enjoyed by thousands of Android users, was found to contain malicious code that enabled eavesdropping on WhatsApp conversations. Google has taken the game off its Play Store app market.


5 Recommendations From Top CISO’s For A More Secure Future

Dec 12, 2013 By Sarah Vonnegut | 19 of the top CISOs and security executives from around the world came together to give their advice on what security teams should be focusing on in the New Year. This week, the Security for Business Innovation Council (SBIC) released an in-depth report expounding on the suggestions. The major industry thought leaders included FedEx CISO and VP of Information Security Denise D. Wood, Coca Cola’s CISO Renee Guttmann, and Intel Chief Security and Privacy Officer Malcolm Harkins, among other security big shots.


Faux Google SSL Certificates Issued By Finance Ministry in France

Dec 10, 2013 By Sarah Vonnegut | Google spoke out this week after security engineers discovered fake SSL certificates linked to a French government agency earlier this month. On December 3rd, security engineers found that a government agency in France was using unauthorized digital certificates on various Google domains, including Gmail, which allowed the agency to act as a man-in-the-middle on private domains and sites it did not own.


This Week In Application Security News: Nov. 25 – Dec. 1

Dec 01, 2013 By Sarah Vonnegut | Winner of the ‘Worst Week’ award goes to James Howells, who this week realized he threw away a hard drive with 7,500 Bitcoins worth over $7.5 million in current BTC value. Read about his million dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.


Top-10 Essential Challenges of Mobile Security

Nov 29, 2013 By Sharon Solomon | Mobile Security has become a crucial aspect of protecting sensitive data and information. Malicious attacks once focused on PCs have now shifted to mobile phones and applications. Mobile makers are aware of this fact and are investing heavily in security.


2,000+ Websites Vulnerable With Ruby on Rails Flaw

Nov 28, 2013 By Sarah Vonnegut | A new exploit, discovered by a white-hat hacker, puts users of over 2,000 Websites in danger of attack. Older versions of Ruby on Rails, a popular open source Web app, employ a defective session management system that could affect the users on the thousands of sites that use it. G.S. McNamara, a security researcher based in D.C., first found the vulnerability issue back in September. The exploit is an Insufficient Session Expiration weakness, and McNamara says it’s fairly common. It’s especially dangerous for shared computers with lots of daily user turnover, such as in libraries or internet cafes.


Cybersecurity Checklist For Holiday Shopping & Travel

Nov 27, 2013 By Sarah Vonnegut | For many in the U.S., the Thanksgiving weekend officially begins at the end of today’s work day, and with it the holiday season. This year there will already be enough pains to deal with: congested roads, packed stores and airports, not to mention messy weather. One headache you can avoid is cybercrime, so take these fairly simple steps to keep yourself and your gadgets secure while traveling and shopping.


Reviewing Scan Results in Checkmarx CxSuite [Video]

Nov 22, 2013 By Sarah Vonnegut | In this SlideShare video, we demo the process of reviewing the source code analysis and the steps you need to take in repairing the vulnerabilities. Explore how the CxSuite solution, using state-of-the-art code flow visualization, discovers vulnerable locations and shows the best points at which to fix the issue and mitigate further risk.

Related Resources:
A Picture Is Worth A Thousand LoC: Using Code Flow Visualization for Optimal Vulnerability Remediation
A Successful SAST Implementation [White Paper]


Obamacare Website Compromised; Security Issues Surface

Nov 21, 2013 By Sharon Solomon | The Obamacare website has now joined the ever-growing list of compromised portals. Reports of bad user-experience and rumors of security breaches have been making the rounds for weeks, but the newly launched national healthcare website (healthcare.gov) has now apparently fallen prey to a typical Cross-Site Scripting attack. 
