In the News

Think Apple apps are safer than Android? Think again.

8 Nov 2015 | By Amanda Schupak

Apple has a good reputation for security. But a new report finds that its good reputation could be working against it.

Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft.

Checkmarx marketing vice president Asaph Schulman called the results "nothing short of alarming" and said that if app developers don't institute better coding practices, "we should expect an increase of major hacks...in the near future."

Thirty-eight percent of the vulnerabilities the researchers identified in the code of a range of app types (including ones, such as banking apps, that handle very sensitive information) were categorized as being of high or critical severity, meaning that a hacker could break in with relative ease.

When they compared iOS to Android apps, they found the Apple apps actually had a higher percentage of high vulnerabilities -- 40 percent to 36 percent. The irony? This discrepancy might be a result of Apple's focus on security.

Developers willfully bypassing standard protocol were responsible for thousands of apps in Apple's App Store that were infected with malware from counterfeit code. Revealed in September, the XcodeGhost malware is still active in the U.S. and has even taken a new, more elusive form, according to FireEye security experts.

"Software developers need to realize that the security of the apps they produce and publish are entirely dependent on their development toolchain," said Tod Beardsley, senior research manager at Rapid7, a cybersecurity firm.

Checkmarx and AppSec Labs concluded that one of the key steps to ensuring safer mobile apps is educating developers about best practices for protecting their own creations.

Read the full article here


Checkmarx Creates Campaign to Help Companies With Security Awareness

14 Oct 2015 | By Richard Harris
Checkmarx has released a new microsite to help companies raise awareness within their development teams for secure development practices. The campaign provides a kit that includes physical and online tools to promote safe application development within their organization.
The physical kit offers a package to help raise awareness within a development organization for application security including teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a “Game of Hacks Challenge” in the workplace.
Throughout the month of October, Checkmarx will be providing a daily Application Security (AppSec) tip. The tips all come from global AppSec experts and address Application Security, Mobile Security, Robust Agile Security, and Awareness and Education for Developers. In addition, followers can submit their own AppSec tips by tweeting them to @Checkmarx with the hashtag #SecureDevAware.

Check it out: http://securedevkit.com/

Read the original article at App Developer Magazine.

Checkmarx Marks National Cyber Security Awareness Month with App Kit, Daily Tips, Game of Hacks

13 Oct 2015 | By Randy Dahlke

In honor of National Cyber Security Awareness Month, Checkmarx — a global leader in software application security — has several things planned, the first of which is the launch of SecureDevKit to raise awareness.

The campaign is designed to give CISOs/CSOs and software development managers a kit that “includes physical and online tools to promote secure application development within their organizations.”

Asaph Schulman, VP Marketing at Checkmarx, suggests that the company’s efforts stem from an apparent jump in hackers exploiting an assortment of vulnerabilities in web and mobile applications.

Schulman says that the vulnerabilities in question typically exist from the earliest development stages and largely go undetected “until it’s too late.”

So what’s the goal here? Avoiding mistakes before security issues occur.

“With the #SecureDevAware campaign, we are providing, free of charge, a kit with a structured program to allow companies to sharpen their developers’ security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place,” Schulman tells us.

The physical kit includes everything needed to raise awareness within a development organization for application security — and to have some fun at the same time. The kit contains teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a Game of Hacks Challenge in the workplace. Secure Development Kits can be ordered here.

Read the full article on Mobile Advertising Watch


#SecureDevAware Campaign Hopes to Boost R&D Security Awareness

11 Oct 2015 | By Tara Seals

In honor of National Cybersecurity Awareness Month, Checkmarx has launched a campaign to raise awareness for secure development within R&D teams.

The #SecureDevAware initiative provides CISOs/CSOs and software development managers with a kit that includes physical and online tools to promote secure application development within their organization, like the Game of Hacks challenge.

Game of Hacks is an educational solution that helps developers and security experts hone their security skills and educate their peers. The game, which is available for desktop, tablet and mobile, presents the developer with vulnerable pieces of code and challenges them to identify the application layer vulnerability as quickly as possible.

“We’ve been seeing a rise in hackers successfully exploiting vulnerabilities in web and mobile applications that often exist from the early development stage of the software and remain undetected until it’s too late,” said Asaph Schulman, vice president of marketing at Checkmarx. “We repeatedly hear security managers and CISOs concerned about the secure coding knowledge of their development teams and are looking to provide more training. With the #SecureDevAware campaign, we are providing, free of charge, a kit with a structured program to allow companies to sharpen their developers’ security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place.”

The company said that it has delivered hundreds of Secure Development Kits to R&D teams. The physical kit includes teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a Game of Hacks Challenge in the workplace.

“As we design and use more and more applications that deal with more sensitive data and information than ever before, we need to be fully aware of their security implications. It’s easy to just hope for the best when you release an app and pray nobody finds a vulnerability in it,” said Schulman. “When it comes to development, Secure Development Awareness can pay off big time in the long run.”

Read the full article here.


Checkmarx Asks Developers: “Are You #SecureDevAware?” to Mark National Cyber Security Awareness Month

8 Oct 2015 | By Admin

In honor of National Cyber Security Awareness Month, Checkmarx, a global leader in software application security, today launched http://securedevkit.com to raise awareness for secure development within R&D teams. The campaign provides CISOs/CSOs and software development managers with a kit that includes physical and online tools to promote secure application development within their organizations.

"We've been seeing a rise in hackers successfully exploiting vulnerabilities in web and mobile applications that often exist from the early development stage of the software and remain undetected until it's too late," said Asaph Schulman, VP Marketing at Checkmarx. "We repeatedly hear security managers and CISOs concerned about the secure coding knowledge of their development teams and are looking to provide more training. With the #SecureDevAware campaign, we are providing, free of charge, a kit with a structured program to allow companies to sharpen their developers' security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place."

Secure Development Kit

In anticipation of National Cyber Security Awareness Month, Checkmarx has delivered hundreds of Secure Development Kits to R&D teams. The physical kit includes everything needed to raise awareness within a development organization for application security - and to have some fun at the same time. The kit contains teaser cards, a poster of security tips, stickers, bag pins, Game of Hacks t-shirts as well as instructions for organizing a Game of Hacks Challenge in the workplace. Secure Development Kits can be ordered here: http://securedevkit.com.

Game of Hacks Challenge

Created by Checkmarx, Game of Hacks is an educational solution that helps developers and security experts hone their security skills and educate their peers. During National Cyber Security Month, Checkmarx is encouraging developers to organize a Game of Hacks Challenge in the workplace. The game, which is available for desktop, tablet and mobile, presents the developer with vulnerable pieces of code and challenges them to identify the application layer vulnerability as quickly as possible. Full details on how to organize a Game of Hacks Challenge can be found here.

Tip of the Day

Throughout the month of October, Checkmarx will be providing a daily Application Security (AppSec) tip. The tips all come from global AppSec experts and address Application Security, Mobile Security, Robust Agile Security, and Awareness and Education for Developers. In addition, followers can submit their own AppSec tips by tweeting them to @Checkmarx with the hashtag #SecureDevAware.

"As we design and use more and more applications that deal with more sensitive data and information than ever before, we need to be fully aware of their security implications. It's easy to just hope for the best when you release an app and pray nobody finds a vulnerability in it," said Schulman. "When it comes to development, Secure Development Awareness can pay off big time in the long run."

About Checkmarx

Checkmarx is a leading developer of software solutions used to identify, fix and block security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk before applications are released. The company's customers include 5 of the world's top 10 software vendors and many Fortune 500 and government organizations, including SAP, Samsung, Salesforce.com, Coca Cola and the US Army. For more information about Checkmarx, visit https://www.checkmarx.com or follow us on Twitter: @Checkmarx.

About National Cyber Security Awareness Month

Celebrated every October, NCSAM is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security. Now in its 12th year, NCSAM is coordinated and led by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security. For more information, visit http://www.staysafeonline.org/ncsam.

Read the original release here.


Checkmarx CEO, Emmanuel Benzaquen, Interviewed on i24

16 Aug 2015 | By i24

Checkmarx CEO Emmanuel Benzaquen spoke with i24 about the current state of application security, why so many applications are released with vulnerabilities, and what Checkmarx is doing to change the future of software.

Here's the clip:


Code Dx(R) and Checkmarx Partner to Enhance Software Security

12 Aug 2015 | By Admin

Code Dx, Inc., a provider of a robust suite of fast and affordable tools that help software developers and security analysts find, prioritize and visualize software vulnerabilities, today announced its partnership with Checkmarx, a global leader in software application security. Through the partnership, the Code Dx Enterprise Edition now supports Checkmarx's powerful source code analysis solution. By offering this internationally used, automated scanning technology as part of its toolset, Code Dx further enhances the ability for developers and auditors to easily scan mobile and web application code and eliminate software risk.

"Checkmarx's source code analysis solution scans code at its earliest stage in the software development life cycle before it is even compiled. This enables developers to identify and resolve coding flaws when they take less time and money to fix," said Anita D'Amico, Ph.D., CEO for Code Dx. "Checkmarx is a logical addition to the toolset we offer through our Code Dx software vulnerability management system, providing users greater coverage in their application security testing process."

"Our source code analysis solution supports 18 different languages including a wide range of mobile and web languages. Checkmarx and Code Dx together will enable users to combine results from other source code analysis tools to ensure any security weaknesses are identified," said Amit Ashbel, product marketing manager at Checkmarx. "By testing applications early on, organizations are not only able to reduce the costs of fixing problems, but developers are able to take the responsibility of identifying and resolving issues off the security managers and fix problems while they are actually working in the code -- eliminating the need to re-open the code later on during the QA or production phases."

The Code Dx software vulnerability management system runs a suite of pre-configured, fully integrated, multi-language, open-source static code analysis tools against a code base to enable organizations to easily locate and fix potential security vulnerabilities. It also incorporates the results of commercial tools and manual analysis and automatically correlates all findings into a single consolidated result set, viewable from a single user interface -- with reports presented in an easy-to-understand visual display.

Read the full release here

Checkmarx Launches Enhanced Mobile Application Security Allowing Developers To Deliver Secure Mobile Apps

4 Aug 2015 | By Admin

Checkmarx, a global leader in software application security, today launched an enhanced solution for increased mobile application security. As the number of existing clients using Checkmarx’s products to scan their mobile application rises rapidly and now exceeds 58%, the company is stepping up its offering to address market demand for an application solution for mobile developers.

“Over 7 billion mobile devices are being used today all around the world and their number is multiplying 5 times faster than human beings,” said Emmanuel Benzaquen, CEO of Checkmarx. “With the huge amounts of private information being transferred worldwide through these devices, the need for strong mobile security has become paramount. Mobile application security is a huge challenge and only robust application code can help organizations provide the users with the security they need, expect and deserve.”

Checkmarx’s Mobile Application Security allows static code analysis of both native and hybrid applications. Recent enhancements increase the depth of coverage for native mobile applications, and introduce support for the open-source multi-platform development framework PhoneGap. PhoneGap has become one of the most popular ways to create mobile applications, allowing developers to create mobile apps in HTML, CSS and JavaScript which are automatically compiled for Android, iOS, Windows Mobile and more. In addition, Checkmarx confirmed its mobile security offering supports apps created for iOS 9.

Checkmarx allows developers to scan their source code with no need for compilation. Results are delivered directly to the developer clearly pointing out the detected flaws along with detailed instructions how to resolve the vulnerabilities.

These additional enhancements are added to the functionality of Checkmarx CxSAST - a powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code. CxSAST identifies and tracks application layer security vulnerabilities and can be integrated seamlessly into the Software Development Life Cycle (SDLC), enabling the early detection and mitigation of crucial security flaws in all major programming languages. CxSAST shows where and how to fix the vulnerability with a single click.

“Enhancing our security offering to include the most popular ways to create mobile applications makes it that much easier for developers to ensure that their source code is secure during the development process, ultimately providing greater peace of mind for the consumers using the applications,” continued Benzaquen.

Read the full release here


How to Cope with Stagefright

2 Aug 2015 | By Ian Barker

Earlier this week we reported on the Stagefright vulnerability that could affect 95 percent of Android devices. It has arisen as a result of code vulnerabilities which could have been detected and resolved earlier.

Application security company Checkmarx has been looking more deeply into Stagefright and what it means for users and developers.

Stagefright can infect a device by simply downloading an MMS message -- which happens automatically in most cases. Once infected, the hacker has full control over the phone's data. The scary thing is that the Android device just needs to receive an MMS message. The user doesn't have to open it in order to get infected.

First of all there's a temporary workaround to avoid infection. Open the Hangouts app, go to Settings from the hamburger menu, select SMS, choose Hangouts as your default SMS app and uncheck Auto-retrieve MMS. There's usually an option to turn off auto-retrieval of MMS in other messaging apps too, so check your settings.

Amit Ashbel of Checkmarx writing on the company's blog says, "It is clear by now that the Stagefright vulnerability was a result of one or more code vulnerabilities. It is also clear that these could have been detected at an earlier stage of the development and resolved at that stage. What is not yet clear is what the exact vulnerability is, however, that should become clear within the coming days after the full information about the CVEs reported are disclosed".

Checkmarx's CxSAST for Mobile delivers code security analysis for Android, iOS and Windows applications. This helps eliminate code vulnerabilities during the coding process rather than waiting for them to appear at a later stage.

Read the original article at BetaNews.


Israel's Hot Startup Scene is Fostering Several Unicorns

27 Jul 2015 | By John Rampton

I recently had the privilege to fly from Silicon Valley to what many know as Silicon Wadi (also known as Tel Aviv, Israel). Israel has more than 6,000 startups and attracts more venture capital per person than any other country in the world.

Here are some of the hot startups that I see as having a bright future as well as every one of them having a potential billion dollar valuation (if they don’t already) in the near future.

Checkmarx

Founded in 2006 by Israeli cyber security expert Maty Siman, Checkmarx provides comprehensive solutions for application security testing and application layer attack prevention. Its flagship product is its automated static code analysis--scanning for security deficiencies in source code early in the software development lifecycle where it is most cost-effective to apply fixes. With offices in both Israel and the US, Checkmarx has grown employee headcount to over 150 in the last 12 months, and is experiencing revenue growth greater than 100% in 2015. The company has an industry-leading customer retention rate and currently serves over 700 customers worldwide including Salesforce.com, SAP, Samsung, Coca Cola and the US Army.

We met with Checkmarx just days after they announced a massive $84 million investment from NY-based Insight Venture Partners. That funding will be primarily used to further accelerate growth through product innovation and global expansion.

Read the full article at Inc.com.
