In the News

Checkmarx Announces Support For Swift Programming Language Vulnerability Detection And Remediation

7 Sep 2016 | By Checkmarx

Checkmarx, a global leader in application security testing, today announced Swift language support, providing Checkmarx users with the ability to identify and mitigate security, quality and compliance issues in their Swift code before it reaches production. The new capability adds Swift to the growing list of supported languages that can be scanned for vulnerabilities and compliance issues by Checkmarx’s Source Code Analysis solution, CxSAST.

Swift, one of the fastest growing programming languages in history, is being increasingly adopted by organizations across all verticals. Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now considering implementing Swift as a “first class” language for Android, Facebook and Uber are exploring ways to make Swift more central to their operations, while IBM, Lyft, Firefox, LinkedIn and others have adopted Swift into their projects. With Swift now available to the open source community there is little doubt that its uptake will grow even more significantly. Considering its meteoric rise in popularity, and the increasing amount of sensitive personal data contained within Swift applications, there is an urgent need to ensure that all projects written in Swift are properly scanned for security, quality and compliance issues.

Checkmarx scans Swift code for a wide range of potential vulnerabilities including high-level security threats such as SQL injections (SQLi), reflected XSS, buffer overflows, stored XSS and others.

Adding to the extensive list of 20 programming languages already supported by Checkmarx’s CxSAST, the addition of Swift support complements Checkmarx’s superior support for iOS and OS X applications. Checkmarx’s programming language support is operating system agnostic, which serves as a significant advantage for iOS and Swift development shops that can maintain their code security levels even upon new iOS version releases.

“Checkmarx is committed to keeping up with the most advanced development technologies,” says Checkmarx VP of Products Nir Livni. “Many of our customers already use Checkmarx’s CxSAST to deliver secure mobile applications and Swift language support is part of this coverage. Swift is quickly becoming the most popular mobile development language and I am glad we are able to help our customers introduce new mobile applications while ensuring they are secure.”

Read the original release on BusinessWire.


Election exploits: What you need to know [infographic]

7 Sep 2016 | By CSO staff

In late August, the FBI warned state election officials about an attack on voter registration databases from Illinois and Arizona.

"According to the FBI’s alert, 'an unknown actor' attacked a state election database by using widely available penetration testing tools, including Acunetix, SQLMap, and DirBuster," reported IDG's Michael Kan. "The hackers then found an SQL injection vulnerability — a common attack point in websites — and exploited it to steal the data. The FBI has traced the attacks to eight IP addresses, which appear to be hosted from companies based in Bulgaria, the Netherlands, and Russia."

It isn't known whether these election database hacks are tied either to the DNC hack or other recent breaches, but Amit Ashbel, director of product marketing at Checkmarx, believes it wasn't part of a state-sponsored attack.

The following infographic from application security provider Checkmarx offers an overview of the election breaches, including how the attackers got in and what they stole.

Continue reading the article (and check out the Infographic) on CSO


Corbyn announces digital ‘bill of rights’

1 Sep 2016 | By Max Metzger

Jeremy Corbyn intends to introduce a digital ‘bill of rights' in the UK.

The leader of the Labour party presented his intentions in Shoreditch as he unveiled the ‘digital democracy manifesto', setting out proposed guarantees for citizens in the online space.

Amit Ashbel, cyber-security evangelist at Checkmarx, questions whether the move is purely populism. The notion of a passport, Ashbel told SC, is instantly presented with the problem, “What would make this passport secure? Where will this data be stored and who is in charge of keeping the citizen's identifiable data? I for one would not trust any government organisation to safely store and protect my personal data.”

Continue reading this article on SC Magazine


Real World Problems Solved By Application and Data Security

1 Sep 2016 | By

To gather insights on the state of application and data security, we spoke with 19 executives who are involved in application and data security for their clients. Here's what they told us when we asked them, "What are some real world problems being solved by securing applications and data?"

  • The problems that are solved are those that are never seen – hacks that never happen. Application security stops financial disasters at the Federal Reserve and the IMF. Others enable communications for national defense. Software is eating the world. There are huge efficiencies being driven but these are open to new attacks with everything being on a computer. The potential cost to the reputation of a firm is billions of dollars.
  • We’re not solving the problems. They keep cropping up with OPM, DNC, and Clinton email breaches. We do not have proper application based security.
  • PCI implementation. While this can be daunting, it’s mostly scare tactics versus providing clients guidance the way we do. If you're level four you answer 200 questions and have a firewall. Level one is more but those companies can hire a qualified security associate. OWASP 10, common sense, education – freelance analyst needed to document what they were doing with the data to keep the customers’ information safe.

Read the full article on DZone.com here


Training Tips to Help Developers Snag Security Gold

29 Aug 2016 | By Darryl K. Taft

The 2016 Summer Olympics in Rio de Janeiro caught the collective attention of the world, which watched as best-in-class athletes from countries from around the world competed for the coveted medals and honor for their countries. For those competing, the road to this year's Summer Olympics was paved with trial and error, grueling training processes and a desire to be the best.

In the enterprise space, companies are competing in their own "Business Olympics" daily as they look to stand apart in their respective space and beat out the competition. One critical element of success for every organization is security, and assuring its employees, customers and partners that its sensitive and proprietary information is safe and secure.

So developers, listen up! It's never too early to start training if you're going for the gold in security in 2020. Based on conversations with executives at Checkmarx, this eWEEK slide show offers 10 training tips that you'll want to keep in your back pocket.

Check out the original article & slideshow here


Can Your Small Business Afford to Be Hacked?

24 Aug 2016 | By Matthew Kazin

Most large companies are able to financially survive a cyberattack. But for a small business with fewer employees and less revenue, a data breach can bring business to a halt, and costs associated with the recovery can run a bank account dry.

Ransomware, a type of malware designed to render data or an entire network useless, is one of the most common ways hackers will try to extort money from small businesses. Typically, the victim will have to pay the attacker in exchange for a decryption key, which can cost anywhere from a few hundred to a few thousands of dollars, depending on the industry and whether a cyberforensics team is needed.

Eighty-nine percent of breaches overall this year had a financial espionage motive, according to the Verizon 2016 Data Breach Investigations Report. It is estimated cybercrimes will cost businesses more than $2 trillion each year by 2019, according to data from Checkmarx, a company specializing in application security.

Continue reading the original article on Fox Business


Checkmarx Tells Us Why App Developers Should Care About App Security

18 Aug 2016 | By Richard Harris

We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-scene.

ADM: What is Checkmarx and how does it differ from other security software that is currently available for developers?

Benzaquen: Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. For enterprise companies who want to minimize application security risks, Checkmarx provides products and services to detect and eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST provides faster feedback loops and higher accuracy resulting in wider developer adoption.
For DevOps and AppSec professionals who want to embed security as part of the continuous integration flow, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST seamlessly fits into the continuous integration tool chain, without imposing delays. For AppSec professionals who want developers to take ownership of application security, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Unlike other SAST solutions, CxSAST can be easily adapted to the application code, resulting in higher accuracy and wider developer adoption.

Continue reading the interview in App Developer Magazine


Data Security & The NSA – Amit Ashbel on i24 News

17 Aug 2016 | By Amit Ashbel

Watch Checkmarx's Amit Ashbel discuss who could be behind the recent N.S.A. hack as well as their possible motives on i24 news. Original interview on i24 here.


Security Threats Ready to Attack Your Business

17 Aug 2016 | By DE Brown

If your application was a bird, what would it be? An eagle soaring above the competition and proactively avoiding threats, or an ostrich with its head buried in the sand and oblivious to any potential attacks? When it comes to security, most applications are akin to the ostrich. Despite application security impacting an organization’s brand perception and even its bottom line, many businesses do not test their applications for security, instead relying on basic internal checks and only resolving vulnerabilities if they become a problem.

This reactive approach can have a disastrous effect when a vulnerability in your application is exploited by a malicious third party. Repercussions such as reputational damage, data breaches, loss of customer confidence, excessive downtime and potentially expensive remediation and legal costs could permanently clip your organization’s wings.

Despite such catastrophic consequences, application security is often not at the forefront of many organizations’ minds. According to application security solution provider Checkmarx, organizations should shift their focus from securing network parameters to protecting the application level. It identified five of the most common and serious application security threats your business must watch out for.

Continue reading this article on Newswire.net


Security Guy Radio Interview with Checkmarx’s Amit Ashbel

13 Aug 2016 | By Chuck Harold

The team at Security Guy Radio caught up with Checkmarx Cyber Security Evangelist Amit Ashbel at Black Hat Vegas this year. Amit talked to Security Guy Radio about what Checkmarx does and why both developers and security teams alike choose Checkmarx as their security testing solution of choice. Listen to the podcast below or head to Security Guy Radio on Soundcloud.


Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.