In the News

Executive Viewpoint 2017 Prediction: Checkmarx – Spotting Software Trends and Beyond

6 Feb 2017 | By Paul Curran

Software is now embedded in every aspect of modern day business, making it critical for organizations to understand how the industry is evolving and where it’s headed. The internet, with the addition of software, has changed the way people and businesses interact and engage, especially when you consider the fact that there are over 4.5 million apps available on platforms such as Google, Apple and Microsoft. Software is the driving force behind everyday tasks like communicating with clients and driving to work. At Checkmarx, we’re keeping an eye on the software industry to spot trends and opportunities in the application space and adapt accordingly.


The full article can be found here


January 2017: The month in hacks and breaches

6 Feb 2017 | By CSO Staff

Then, on January 19th, internet account passwords for 14 Trump appointees, including Rudy Giuliani and Michael Flynn, were leaked online, the result of “mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016,” according to a report by Britain’s Channel 4.

But that wasn't all the news from January. Scroll down to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.


For the full article and infographic, click here


J is for JavaScript

6 Feb 2017 | By Network Computing

J is for JavaScript. JavaScript is a core component of and present in almost every element of the web browsing experience. Because of the prolific nature of JavaScript on the web, any JavaScript vulnerabilities that are identified are valuable to cybercriminals and can be exploited to attack websites, individuals and networks.

"This programming language was developed under the code name Mocha and was originally known as LiveScript. It was created in just 10 days by Netscape Communications Corporation and the programmer, Brendan Eich, later went on to co-found the Mozilla Project", explains Amit Ashbel, Cyber Security Evangelist at Checkmarx.

Amit continues with the history, saying "The language was created by Eich as a more accessible glue type language for casual programmers who were building web content instead of Java, which was seen as a component language used by higher priced programmers. Despite the confusion between Java and JavaScript, the name change from LiveScript to JavaScript actually worked as a marketing tactic to capitalise on the hot programming language of the time."


For the full article, click here


Checkmarx Announces Open Beta for Scala Programming Language Vulnerability Detection

1 Feb 2017 | By Business Wire

Checkmarx is the first static analysis solution to support Scala. The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to identify security and compliance issues in the flows between Scala and Java, and vice versa – enabling applications built using both Java and Scala to be fully analyzed using a single Checkmarx scan. With Checkmarx, users can identify a wide range of potential vulnerabilities in Scala code such as code injections, connection string injections, reflected XSS, SQL injections, stored XSS and many more.


The full article is available here


Checkmarx opens beta support for Scala programming language

1 Feb 2017 | By Michael Haynes

Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code.


Click here to continue reading. 


Trump, Twitter and Hackers? Don’t Just Use Passwords

31 Jan 2017 | By Jimmy H. Koo

“A Twitter account probably has no financial value by itself but depending on the account owner, it could be used to spread false information and create wrong impressions,” Amit Ashbel, director of product marketing and cyber security evangelist at application testing company Checkmarx Ltd. in Tel Aviv, told Bloomberg BNA.


Click here for the full article.


Report: malicious ‘fake’ news links used to socially engineer

31 Jan 2017 | By Max Metzger

Amit Ashbel, cyber-security evangelist at Checkmarx told SC: “I think that it's not exactly the fake news that create these excellent lure tactics but rather the targeted news.”

“Modern social engineering campaigns are based on research. Hackers build a persona profile for the people they are after.” Ashbel added, “The more information you expose about your life, the more accurate the social engineering attack will be and this is why ‘fake news' are still successful attack techniques.”


The full article can be found on SC Magazine


Shift Left – how to improve security in your developers’ code – do it earlier

27 Jan 2017 | By Tony Morbin

There was a pretty simple premise behind last week's Shift Left conference, organised by Checkmarx at the Bulgari hotel in Knightsbridge.  If you look at the software development cycle, it typically starts with the setting of requirements, design, build, test, deploy and maintain.  All too often security considerations don't get a look in until after testing and just before deployment.  But the further to the left on that process that you engage in security, the greater the impact, because later design changes are more complex and difficult to make, more costly, and more time consuming – even if they are still possible.  And a recall of deployed systems is the most costly of all.


Continue reading here.


Checkmarx appoints Shmuel Arvatz as Chief Financial Officer

16 Jan 2017 | By Dawn Nicholls

NEW YORK: Checkmarx has announced Shmuel Arvatz as the company’s new chief financial officer (CFO). In this role, Mr. Arvatz will report to Checkmarx CEO Emmanuel Benzaquen, and will have global responsibility for leading the company's financial operations, as well as legal and other various operational departments. Along with these responsibilities, Mr. Arvatz will provide leadership to the broader organization to help Checkmarx accelerate its rapid growth. Mr. Arvatz brings over 25 years of finance experience to Checkmarx. Throughout his career, he has served as CFO of multiple large software companies, where he managed global finance and accounting operations and led initial and secondary public offerings, mergers and acquisitions, and sales transactions. Before joining Checkmarx, Mr. Arvatz was the CFO of Allot Communications, a leading provider of security and monetization solutions. Additionally, Mr. Arvatz gained extensive experience as the CFO of ClickSoftware, a leading provider of field service and workforce management software. He also served as CFO and executive vice president of Tecnomatix Technologies Ltd., a leading provider of software e-manufacturing solutions.


The full article is available here


Predicting a soft future for the security world in 2020

11 Jan 2017 | By Security News Desk

Paul Curran, Content Specialist for Checkmarx looks at several major trends to provide insight on what the software security world will look like in 2020.

Society, having moved from an industrial age to the birth of the internet is now truly an era where software has become the most critical aspect of our modern world. In earlier times, manufactured products left the factory with just a single purpose, now, through updates via the internet, products evolve or play host to the 4.5 million apps available on platforms from Google, Apple and Microsoft. From national infrastructure to banking and even the cars we drive, software is vital for our health, safety and wellbeing.


Continue reading the full article here
