Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

How Collective Wisdom Enhances Application Security

Jan 14, 2013 By carolineb | One of the biggest challenges in today’s Application Security is how to map and overcome unexpected hacks as a result of lack of coverage in addition to well-defined hacks. How do we overcome this matter and improve the ability to fix our source code? The Checkmarx R&D team has initiated an unconventional and creative way to solve this trouble. At the OWASP APAC 2013, we will present our research methodology and findings. In particular, we will show how to:


Salesforce Enhanced Security with Checkmarx Solution

Dec 27, 2012 By carolineb | We simply love making things simple!
So here are some video screencasts introducing our new Checkmarx Salesforce online code scanner. Presenting our solution is Abhinav Gupta, Salesforce and Cloud Solution Architect. Go to article and videos.


Three compelling reasons to check your mobile app source code - by Kevin Beaver, CISSP

Dec 25, 2012 By carolineb | I’m going to put it to you straight: source code analysis is amazingly simple. Unlike penetration testing and complementary security checks, source code analysis has evolved into a literal point-and-click exercise. The hardest part is getting the source code analyzer software installed. Even that’s a non-issue with cloud-based source code analysis services.


Checkmarx is now an Eclipse Member!

Dec 24, 2012 By carolineb | We are glad to announce that Checkmarx is now an Eclipse member!
We support the Eclipse community and offer adapted tools for Eclipse developers. The Eclipse community was founded in order to enable commercially-friendly open source software for organizations and individuals, focusing on providing an open development technology, comprised of advanced frameworks and tools.


[Japan 2012] Summary of CxSuite Seminar for Managers

Dec 19, 2012 By carolineb | Following the CxSuite Seminar for Managers which took place last month in Japan, here’s a summary (in Japanese) of “Exterminating the root cause of vulnerabilities”, by Maty Siman, Founder and CTO at Checkmarx. Go to summary


Wishing you a Season’s Greeting and a Happy New Year!

Dec 18, 2012 By carolineb | For the first time ever, Checkmarx conducted a comprehensive survey of security professionals, their peers and family to see exactly how this profession is perceived… View full screen & Enjoy!
Happy New Year!


What’s HOT in Application Security Vol #39

Dec 13, 2012 By asaphs |
2013 Threat Predictions
This past week, one of the frontrunners in high-performance network security announced their predictions for the top threats of 2013. The following are highlights of the top 3.

1. Advanced Persistent Threats (APTs) – Generally known to target specific classified information by using various methods and vectors, this coming year they are predicted to target high-powered civilians such as CEOs, celebrities, and politicians. This prediction will be hard to verify since the attacker could easily remove the malware undetected and those who become aware will probably keep it hidden from the media anyway. The targeted information is likely to be used for criminal activities such as blackmail.

2. Two Factor Authentication – It seems as if one password is not enough to be secure these days. Anyone could easily download a program which can crack an alpha-numeric password no problem. Next year, we’ll likely see more web-based logins that will require a password plus a secondary password which will be either sent via SMS or a stand-alone security token.

3. Targeting Machine-to-Machine (M2M) Communications – M2M communications allow wireless and wired machines to communicate with other devices which can solve many human error problems. However, the security of these systems is still questionable. Hacking into M2Ms has not been seen yet, but this is likely to happen next year unless there is improvement in their security.

For more information visit http://www.equities.com/news/headline-story?dt=2012-12-10&val=807181&cat=goods.


What’s HOT in Application Security Vol #38

Dec 03, 2012 By asaphs | Hacking Group ‘Anonymous’ attacks Syrian Government websites In Response To Syrian Internal Internet Blackout
In response to a Syrian government move which has closed all fax, phone and Internet lines coming out of the troubled country, the hacking group ‘Anonymous’ started last Friday to attack and shut down government and affiliated pro-Syrian websites.


What’s HOT in Application Security Vol #37

Nov 20, 2012 By asaphs | Hacktivists reach a new level of cyber terror in Israel
Since the outbreak of hostilities between Gaza and Israel, several Israeli companies as well as those doing business with them have absorbed quite a few cyber attacks. According to various sources, 44 million attacks have been prevented since rockets began falling.


What’s HOT in Application Security Vol #36

Nov 13, 2012 By asaphs | EU Official hacked at an Internet Security Conference
A European Union official has come out with a statement declaring that her staff was hacked when they attended an Internet security conference last month in Azerbaijan. EC Vice President Neelie Kroes released a statement about the ironic hack in her blog last week, where she went into further detail to explain the scope of what happened and how her and her employees' computers were compromised at a meeting of the Internet Governance Forum in Baku.
