Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Black Friday Breach Nightmare: At Least 45 Million Target Customers Affected

Dec 19, 2013 By Sarah Vonnegut | Target’s famous bullseye logo attracted some malicious arrows over the holiday shopping season as the national retail chain was the target of a major data breach that, as details emerge, may be much more serious than first thought.
The data breach will potentially affect hundreds of thousands, perhaps millions, of Target customers who shopped in-store at any of the American retail giant’s 1,800+ locations in the U.S. and Canada between Black Friday and December 15th. Brian Krebs, who first reported the story on his blog, spoke with several sources who corroborated the same account: Target is currently working with the Secret Service to determine the perpetrators, cause, and outcome of an incident in which the data stored on customers’ magnetic card stripes was stolen.


Dept. of Energy Breach: What Went Wrong & Key Takeaways

Dec 17, 2013 By Sarah Vonnegut | The Department of Energy (DOE) has released more details about the July 2013 DOE Employee Data Repository (DOEInfo) incident in which the Personally Identifiable Information (PII) of at least 100,000 past and current federal employees – but possibly as many as 150,000 – was exposed. According to the 28-page review conducted by Gregory H. Friedman, the DOE’s inspector general, leaked details included full names, social security numbers, birth dates and places, security questions and answers, education and even details of employee disabilities.


Balloon Pop 2 Taken Off Android Play Store – WhatsApp Snooping Exposed

Dec 13, 2013 By Sharon Solomon | Mobile malware has come a long way in recent years. The latest exploit was exposed this week when the popular “Balloon Pop 2”, played and enjoyed by thousands of Android users, was found to contain malicious code that enabled eavesdropping on WhatsApp conversations. Google has taken the game off its Play Store app market.


5 Recommendations From Top CISOs For A More Secure Future

Dec 12, 2013 By Sarah Vonnegut | 19 of the top CISOs and security executives from around the world came together to give their advice on what security teams should be focusing on in the New Year. This week, the Security for Business Innovation Council (SBIC) released an in-depth report expounding on the suggestions. The major industry thought leaders included FedEx CISO and VP of Information Security Denise D. Wood, Coca-Cola’s CISO Renee Guttmann, and Intel Chief Security and Privacy Officer Malcolm Harkins, among other security big shots.


Faux Google SSL Certificates Issued By Finance Ministry in France

Dec 10, 2013 By Sarah Vonnegut | Google spoke out this week after security engineers discovered fake SSL certificates linked to a French government agency earlier this month. On December 3rd, security engineers found that a government agency in France was using unauthorized digital certificates for various Google domains, including Gmail, which allowed the agency to act as a man-in-the-middle on private domains and sites it did not own.


This Week In Application Security News: Nov. 25 – Dec. 1

Dec 01, 2013 By Sarah Vonnegut | The ‘Worst Week’ award goes to James Howells, who this week realized he had thrown away a hard drive holding 7,500 Bitcoins, worth over $7.5 million at current BTC value. Read about his million-dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.


Top-10 Essential Challenges of Mobile Security

Nov 29, 2013 By Sharon Solomon | Mobile security has become a crucial aspect of protecting sensitive data and information. Malicious attacks once focused on PCs have now shifted to mobile phones and applications. Mobile makers are aware of this fact and are investing heavily in security.
