Mobile Security

Read about the latest news and trends in the Mobile AppSec arena, where we follow the direction of mobile cybercrime, where the state of mobile security is today, and where we're headed tomorrow.

Is Your Child’s Data Safe From The Man In The Middle?

Oct 24, 2017 By Dafna Zahger | With a whopping 2.2 billion gamers and $46.1B in revenue for mobile games (42% of the market), chances are you and/or your loved ones play mobile games. Children are no exception: according to a Nielsen research piece from earlier this year, most children get their own mobile phone between ages 10 and 12. It seems that we have grown accustomed to the dangers of mobile hacks and breaches, but when it comes to children’s safety, do we raise the flag often enough? Many of the mobile games that are most popular among children and teens are highly vulnerable, almost inviting hackers into our, and our children’s, lives.


Key Takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security

Mar 01, 2017 By Arden Rubens | Today, organizations are developing and releasing mobile and Internet of Things (IoT) devices and apps at a rapid speed. According to recent research, it is estimated that around 50B IoT devices will be connected to the Internet by 2020, while 2017 started with a record 2.2M downloadable apps in the App Store. Every year, Ponemon Institute releases a study on Mobile and Internet of Things Application Security focusing on understanding how organizations are lowering the risks in mobile and IoT apps in the workplace. Based on this study, while the worry and understanding of mobile and IoT application security threats is increasing, there is a severe lack of urgency in addressing issues, and proper application security testing is occurring during later stages in an app’s SDLC. Continue reading for a full list of key takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security.


Hybrid versus Native Mobile App Development: Methodologies, Risks and Tools

Aug 10, 2016 By Paul Curran | As our focus changes from content on the web to content on mobile, our mobile devices play an increasingly vital role in the way we communicate, consume content, conduct business and more. For organizations and businesses in every vertical, mobile applications are no longer an option, but a requirement in order to stay ahead of the curve and relevant with their customers. Read on to learn about hybrid versus native mobile development when it comes to methodologies, risks and tools.


The Need for HIPAA Compliance in the Crowded Mobile Health Space

Aug 08, 2016 By Paul Curran | As the mHealth (mobile health) vertical continues to expand from healthcare apps to fitness trackers, and from doctor appointment scheduling helpers to peer support communities, the control and privacy that end users have over their personal health records are being increasingly jeopardized. New applications and digital health resources keep emerging, which makes it unclear whether or not the sensitive data stored within will be secured and covered under the Health Insurance Portability and Accountability Act (HIPAA).


Common Oversights in Mobile App Security

Aug 02, 2016 By Kevin Beaver | Mobile apps arguably have the greatest number of security flaws of any enterprise system – and no one seems to know much about them. Mobile app security flaws are numerous across all types of business apps. But why? Perhaps it’s the mentality that “it’s just an app” or the reality that many business owners, especially those in smaller businesses who might not have advanced security, fall for the marketing hype of “we’ve got to have a mobile app,” without including security in the discussion. Mobile apps are as complex as ever, yet the security flaws are very predictable – and the bad guys know it.


OWASP Mobile Top Ten: Avoiding The Most Common Mobile Vulnerabilities

Jun 10, 2016 By Sarah Vonnegut | Another week, another mobile app fiasco. This time around, we learned how an IoT connected car can be controlled through the WiFi installed in the car, enabling Mitsubishi Outlander car owners – as well as attackers – to wirelessly connect to the car’s console, allowing them to do things like turn off the car alarm and mess with the car’s system.

Even tech giants as big as Apple have struggled with mobile app insecurity issues. Last September, the App Store was hit with its own security scandal when Chinese developers used unofficial versions of Apple’s developer toolkit. That move invited malware into apps that somehow passed through Apple’s security standards and were made available to the masses.

Technology is moving fast – perhaps a bit too fast, if we’re factoring in the ability of organizations to implement high security standards throughout the ranks. But slowing down is not a possibility – security cannot afford to lag behind.


7 Deadly Sins of Secure Mobile App Development

Apr 19, 2016 By Paul Curran | When was the last time you left your house holding your social security card, all of your credit cards, health records, passwords, and a record of all the highly intimate messages that you’ve sent to your friends and loved ones? Who would leave their house with all of this sensitive stuff? It would fill boxes and binders and no one would be foolish enough to carry it all with them at the same time, right?


How to Get More Out of Your Mobile Application Security Testing Tools

Apr 15, 2016 By Sarah Vonnegut | Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It’s up to the organizations releasing applications – which most likely includes you, if you’re reading this – to meet (and exceed) their expectations. If you don’t meet expectations, you’re in bad luck: A 2013 study found that 88% of Americans have negative views of companies with mobile apps or sites that perform poorly or too slowly.


Another Android Stagefright Vulnerability is Exposed

Apr 06, 2016 By Paul Curran | In mid-March, the advanced software researchers at NorthBit released a video and detailed research PDF demonstrating a proof of concept of a notorious exploit that can essentially offer hackers control over device hardware and data of certain Android phones. This latest exploit of Android’s Stagefright is referred to as “Metaphor.”


All You Wanted To Know About Online Banking Security

Jan 17, 2016 By Sharon Solomon | Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what role do application developers play in providing online banking security? Let’s take a closer look.
