In the News

Is there such a thing as secure code?

8 Dec 2015 | By Ami Roheks Domba

One of the "million dollar questions" in the information security industry is whether or not a way even exists to write secure code.

And, as it turns out, there's no real consensus on one true answer. Some believe that with convenient tools for developers, there is a chance for the code to be secured. Another group claims they can monitor the development of hundreds of thousands of developers who don't fully understand the principles of secure coding.

Yet despite the lack of consensus in the industry, the problem of developing secure code practices continues to prevail. Checkmarx, an Israeli company, has set off to address this issue head on.

Continue reading this article (in Hebrew)

 

 


Hacking is a business – and business is good

6 Dec 2015 | By Bill Snyder

Parents freaked out when hackers stole millions of records from VTech, a Hong Kong-based toy maker. Because the records included information on at least 200,000 children, those mothers and fathers were probably more worried about kidnappings and child pornography than financial mischief.

But hacks like the attack on VTech are almost never related to violent crimes -- they're about money. Though the hackers' haul didn't include credit card numbers, the data dump was likely a precursor to a serious financial hack enabled by the personal information stolen from VTech, says Amit Ashbel, a cyber security analyst at Checkmarx, an application security firm.

Read the full article here


VTech hack exposes personal data of 4.8M customers — and their kids

1 Dec 2015 | By Bill Snyder

VTech, a maker of electronic toys for children, was recently hit with a major hack that exposed account information on 4.8 million customers.

The information includes parent names, home addresses, email addresses and passwords. The theft also included 200,000 records related to the customers' children, including their "first names, genders and birthdays," according to Motherboard, the website that first reported the data breach.

Stolen info used to create profiles of victims

The stolen records did not include financial information, such as credit card numbers, according to a VTech press release addressing the breach. However, the data obtained by the hackers could potentially be combined with additional personal information on the victims and then used to create detailed profiles. Criminals could then use those to steal more valuable information, says Amit Ashbel, a "cyber security evangelist" with application security firm Checkmarx.

"Hackers constantly collect as much data as they can," he says. "This could be the first step in a series of attacks."

Continue reading this article here.


50 enterprise startups to bet your career on in 2016

29 Nov 2015 | By Julie Bort, Eugene Kim, Matt Weinberger

The 2015 Holiday Season is upon us and the year is drawing to a close. Soon our thoughts will drift to our hopes and goals for 2016.

For those who are dreaming of a new job at an up-and-coming young company, we’ve compiled this list to help. All of these companies specialize in making tech for work and business use, a $3.5 trillion worldwide market.

All of them had spectacular years in 2015, by launching great new technology or getting a boatload of funding or landing big partnerships and generally setting themselves up for a successful 2016 and beyond.

Checkmarx: helping developers write safer, more secure apps

Checkmarx helps software programmers check their apps for security holes. With the $84 million it raised in June, it's knocking on the door of Israel's small-but-growing unicorn club.

Checkmarx names Salesforce.com, SAP, Samsung, Coca Cola and the US Army as customers, and has 130 employees in offices worldwide.

Read the whole article here.


Checkmarx Honored on Deloitte’s Tech Fast50 2015

11 Nov 2015 | By Admin

Checkmarx is pleased to announce that we have been selected as one of Israel's fastest growing companies in Deloitte's Fast50 2015 awards program for the third year in a row. As the fastest growing cyber security company and the 14th fastest growing company in the Startup Nation, we're thrilled to have been recognized by Deloitte.

About the Deloitte Tech Fast50 Awards:

The Deloitte Technology Fast 50, one of Israel's foremost technology award programs, ranks the country's fastest-growing technology companies based on their growth percentage over the last four years. The Fast 50 program honors business growth and technological innovation as well as Israeli entrepreneurial spirit. The "Technology Fast 50" is part of a national and international program run by Deloitte. Qualified entrants of Israel's Fast 50 program will be promoted to the "EMEA Fast 500" (Europe, Middle East & Africa), and for the first time ever, to Deloitte's Global Technology Fast 100 competition.

Read more here

 

 


The State of Mobile Application Security Press Roundup

8 Nov 2015 | By Admin


Think Apple apps are safer than Android? Think again

Amanda Schupak, CBS News

Apple has a good reputation for security. But a new report finds that its good reputation could be working against it.

Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft.

Continue Reading


Which is safer – iPhone or Android? 

Gabriel Avner, Geektime

A report that cybersecurity experts Checkmarx and AppSec Labs released today has found a set of critical flaws in how developers are writing code for mobile apps that could put a lot of people at risk.

Over the course of the past year, these two companies carried out an audit of hundreds of mobile apps, testing them for vulnerabilities. Among those reviewed were banking apps and others containing essential personal information.

Continue Reading



iOS apps more vulnerable than Android

Maria Korolov, CSO Online

Applications written for iOS devices have more vulnerabilities than those written for Androids, and this has the potential for security problems in the future as attackers move to application-based threat vectors.

According to a new report from mobile application security vendors Checkmarx and AppSec Labs, the average mobile app has nine vulnerabilities.

Of the iOS vulnerabilities, 40 percent were critical or high severity, compared to 36 percent of the Android vulnerabilities, said Amit Ashbel, product marketing manager at Checkmarx.

Continue Reading

 


Most Mobile Apps Subject to at Least Nine Vulnerabilities

Tara Seals, InfoSecurity Magazine

Mobile applications show an alarming rate of vulnerability, with the average app susceptible to an average of nine different vulnerabilities. Further, the research from Checkmarx and AppSec Labs shows that out of those nine different vulnerabilities, 38% are critical or high severity.

Interestingly, and despite conventional wisdom, iOS is no more secure than Android when it comes to vulnerabilities built into the code or application logic: Here, the vulnerability rate of iOS and Android applications is almost identical. And, 40% of detected vulnerabilities in iOS applications were found to be critical or high-severity, compared to only 36% on Android.

Continue Reading


iOS apps aren’t any more secure than Android apps, study finds

Yoni Heisler, BGR

A new security report from Checkmarx claims that the walled garden that is Apple’s App Store may not be the safe haven it’s hyped up to be. The report specifically claims that iOS apps have a greater percentage of critical or high severity security vulnerabilities when compared to Android apps.

For purposes of the report, a critical vulnerability is defined as one “that exposes a major security risk with a direct exploit (not needing user involvement). If exploited, the security threat might cause major damage to the application and/or have major impact on the company.”

Continue Reading

New Mobile Security Report Shows Most Apps Have Critical Vulnerabilities

Richard Harris, App Developer Magazine

Checkmarx and AppSec Labs have released a new mobile app security report titled “The State of Mobile Application Security 2014-2015”. Among the findings of the report is that the typical app is exposed to an average of 9 different vulnerabilities. The report also indicates in situations where vulnerabilities are built into the code or application logic, the vulnerability of iOS and Android Applications are almost identical.
During 2014-15, AppSec Labs and Checkmarx tested hundreds of mobile applications of all types including banking, utilities, retail, gaming and security-oriented applications. Among the types of applications tested were banking applications of high-street retail banks which access the personal data of millions of private individuals.


Checkmarx finds iOS apps have more critical vulnerabilities than Android apps

Duncan Riley, Silicon Angle

Application security firm Checkmarx, Inc. have released a new mobile security report that throws a common misconception about mobile security on its head.

The State of Mobile Application Security 2014-2015 report, published in conjunction with Appsec Labs, tested hundreds of mobile applications of all types including banking, utilities, retail, gaming and even security oriented applications for vulnerabilities and related security issues.

Continue Reading

iOS Apps Plagued by More High-Critical Vulnerabilities When Compared to Android

Catalin Cimpanu, Softpedia

The myth of iOS being more secure than Android is being slowly eroded with each new security report released. The latest to take a swipe at Apple iOS’ reputation is one from mobile security vendors Checkmarx and AppSec Labs.

After analyzing hundreds of Android and iOS applications, the two companies’ security researchers can claim that they’ve found more security vulnerabilities that rank as High and Critical in iOS products. The percentage of vulnerabilities that researchers can label as High and Critical is 40% for iOS apps, but only 36% for Android applications.

Continue Reading


A recent research report released by Checkmarx stated iOS is not safer than Android

Natalle James, Tech News Today

With the increasing threat of malware, the smartphone industry is looking forward to security as a major necessity. In this regard, a recently released security report by Checkmarx popped up Apple’s bubble for claiming itself to be a safe haven. It precisely stated iOS applications have a high chance of security vulnerability as compared with Android apps, and has taken the industry by the storm, considering Apple’s claim to provide a promising and a high-level security system.

Continue Reading

iOS apps have more vulnerabilities than Android

Michael H., Phone Arena

Because of how the platform is designed, whenever we hear about malware or security threats in the mobile world, it tends to be pointed at Android, despite there being little evidence of anyone being at real risk outside of users in Russia or China who use a third-party app store. Now, a new report is claiming that the majority of app vulnerabilities exist in iOS apps, and they tend to be more severe as well.

Continue Reading

 

International

iOS apps are more vulnerable than Android apps

Elibeth Eduardo G., CIO Latin America

Applications written for iOS devices have more vulnerabilities than those designed for Android devices.
Believe it or not. The perception may be different, but that is how it is, and it has the potential to create security problems in the future as attackers move to application-based threat vectors.

Continue Reading

Study: Android apps more secure than iOS apps

Kaan Gürayer, Giga Android

It is not only since the notorious Stagefright exploit that Android has carried the unflattering reputation of being less secure than Apple's iOS. But how much truth is there in this cliché? The security firms Checkmarx and AppSec Labs wanted to know for sure, took a closer look at the apps on both platforms, and came to a surprising result: on average, Android apps are said to be more secure than iOS apps.

Continue Reading

iOS apps are more vulnerable, research says

Maria Korolov, CSO Online republished at PC World

Recent research from mobile security companies Checkmarx and AppSec Labs reveals that apps developed for iOS devices have more vulnerabilities than those made for Android, which could lead to security problems in the future.

The reports also reveal that mobile apps typically have, on average, nine vulnerabilities.

Continue Reading

Experts are confident that iOS is no more secure than Android

Илья Рябов, Droider.RU

Security scandals regularly flare up around Android and iOS. It is enough to recall the critical Heartbleed vulnerability in some versions of OpenSSL and the iCloud hack with the "leak" of celebrity photos.

Cybersecurity specialists from the Israeli company Checkmarx found that both mobile operating systems are equally insecure.

Continue Reading

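iOS apps have weaker security than Android apps

Maria Korolov, CSO Online republished at IT World

iOS apps have been found to be more vulnerable than Android apps in terms of security, and could cause bigger security problems as attackers move to application-based attack vectors.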

Continue Reading


</close>

Think Apple apps are safer than Android? Think again.

8 Nov 2015 | By Amanda Schupak

Apple has a good reputation for security. But a new report finds that its good reputation could be working against it.

Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft.

Checkmarx marketing vice president Asaph Schulman called the results "nothing short of alarming" and said that if app developers don't institute better coding practices, "we should expect an increase of major hacks...in the near future."

Thirty-eight percent of the vulnerabilities the researchers identified in the code of a range of app types (including ones, such as banking apps, that handle very sensitive information) were categorized as being of high or critical severity, meaning that a hacker could break in with relative ease.

When they compared iOS to Android apps, they found the Apple apps actually had a higher percentage of high vulnerabilities -- 40 percent to 36 percent. The irony? This discrepancy might be a result of Apple's focus on security.

Developers willfully bypassing standard protocol were responsible for thousands of apps in Apple's App Store that were infected with malware from counterfeit code. Revealed in September, the XcodeGhost malware is still active in the U.S. and has even taken a new, more elusive form, according to FireEye security experts.

"Software developers need to realize that the security of the apps they produce and publish are entirely dependent on their development toolchain," said Tod Beardsley, senior research manager at Rapid7, a cybersecurity firm.

Checkmarx and AppSec Labs concluded that one of the key steps to ensuring safer mobile apps is educating developers about best practices for protecting their own creations.

Read the full article here


Checkmarx Creates Campaign to Help Companies With Security Awareness

14 Oct 2015 | By Richard Harris
Checkmarx has released a new microsite to help companies raise awareness within their development teams for secure development practices. The campaign provides a kit that includes physical and online tools to promote safe application development within their organization.
The physical kit offers a package to help raise awareness within a development organization for application security including teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a “Game of Hacks Challenge” in the workplace.
Throughout the month of October, Checkmarx will be providing a daily Application Security (AppSec) tip. The tips all come from global AppSec experts and address Application Security, Mobile Security, Robust Agile Security, and Awareness and Education for Developers. In addition, followers can submit their own AppSec tips by tweeting them to @Checkmarx with the hashtag #SecureDevAware.

Check it out: http://securedevkit.com/

 

Read the original article at App Developer Magazine.


Checkmarx Marks National Cyber Security Awareness Month with App Kit, Daily Tips, Game of Hacks

13 Oct 2015 | By Randy Dahlke

In honor of National Cyber Security Awareness Month, Checkmarx — a global leader in software application security — has several things planned, the first of which is the launch of SecureDevKit to raise awareness.

The campaign is designed to give CISOs/CSOs and software development managers a kit that “includes physical and online tools to promote secure application development within their organizations.”

Asaph Schulman, VP Marketing at Checkmarx, suggests that the company’s efforts stem from an apparent jump in hackers exploiting an assortment of vulnerabilities in web and mobile applications.

Schulman says that the vulnerabilities in question typically exist from the earliest development stages and largely go undetected “until it’s too late.”

So what’s the goal here? Avoiding mistakes before security issues occur.

“With the #SecureDevAware campaign, we are providing, free of charge, a kit with a structured program to allow companies to sharpen their developers’ security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place,” Schulman tells us.

The physical kit includes everything needed to raise awareness within a development organization for application security — and to have some fun at the same time. The kit contains teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a Game of Hacks Challenge in the workplace. Secure Development Kits can be ordered here.

Read the full article on Mobile Advertising Watch


#SecureDevAware Campaign Hopes to Boost R&D Security Awareness

11 Oct 2015 | By Tara Seals

In honor of National Cybersecurity Awareness Month, Checkmarx has launched a campaign to raise awareness for secure development within R&D teams.

The #SecureDevAware initiative provides CISOs/CSOs and software development managers with a kit that includes physical and online tools to promote secure application development within their organization, like the Game of Hacks challenge.

Game of Hacks is an educational solution that helps developers and security experts hone their security skills and educate their peers. The game, which is available for desktop, tablet and mobile, presents the developer with vulnerable pieces of code and challenges them to identify the application layer vulnerability as quickly as possible.

“We’ve been seeing a rise in hackers successfully exploiting vulnerabilities in web and mobile applications that often exist from the early development stage of the software and remain undetected until it’s too late,” said Asaph Schulman, vice president of marketing at Checkmarx. “We repeatedly hear security managers and CISOs concerned about the secure coding knowledge of their development teams and are looking to provide more training. With the #SecureDevAware campaign, we are providing, free of charge, a kit with a structured program to allow companies to sharpen their developers’ security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place.”

The company said that it has delivered hundreds of Secure Development Kits to R&D teams. The physical kit includes teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a Game of Hacks Challenge in the workplace.

“As we design and use more and more applications that deal with more sensitive data and information than ever before, we need to be fully aware of their security implications. It’s easy to just hope for the best when you release an app and pray nobody finds a vulnerability in it,” said Schulman. “When it comes to development, Secure Development Awareness can pay off big time in the long run.”

Read the full article here.

