In the News

Checkmarx Ranked #1 for “Static Analysis Product” in Gartner’s 2014 Critical Capabilities for Application Security Testing Report

30 Dec 2014 | By Asaph Schulman

TEL AVIV, Israel, Dec 30, 2014 (BUSINESS WIRE) -- Checkmarx, web and mobile Application Security Testing (AST) solutions provider, was positioned as a Leader in The Forrester Wave™: Application Security, Q4 2014.

Forrester Research, Inc. invited 12 AST solution providers to participate and rated the providers based on 82 specific criteria within their current offerings, strategies, and market presence. The report offers a comprehensive assessment of each vendor for security and risk professionals. In Forrester’s evaluation, Checkmarx received among the highest scores for Customer References, Corporate Strategy and Developer Education and Training.

“Checkmarx’s solution has strong functional capabilities in deployment, concurrent use, scanning automation, configurable rules and scans, target scanning, and multiple user report,” the report noted. “The Checkmarx offering has strong static analysis levels around source code scanning, varied language and framework support, analysis levels, and custom static analysis rules.”

Read the rest of the release here.


The Business Value of Partial Code Scanning

29 Dec 2014 | By Kevin Beaver

It’s kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we tend to want to wait until everything’s perfect (and way more costly) before we get started. This reminds me of the Mark Victor Hansen quote:

“Don’t wait until everything is just right. It will never be perfect. There will always be challenges, obstacles and less than perfect conditions. So what. Get started now. With each step you take, you will grow stronger and stronger, more and more skilled, more and more self-confident and more and more successful.”

I wrote this article in conjunction with the nice folks at Checkmarx who happen to produce the best static source code analysis tool I’ve used…especially given its price compared to the competition – it’s not even in the same galaxy as some of the others out there. Definitely worth checking out.

Check out Kevin's blog for more.


8 Cybersecurity Resolutions to Make for 2015

8 Dec 2014 | By Nicole Fallon

It seems that 2014 was the year of data breaches in the business world. Target, Home Depot, AT&T, JP Morgan, eBay, P.F. Chang’s and other high-profile brands all fell victim to cybercriminals, compromising both the companies’ reputations and their customers’ information.

1. Secure your mobile apps

You know you need to protect your business’s website and payment system, but what about your mobile app? If you’ve created an app for your customers to use, it may not be as secure as you think.

“Mobile apps serve as a portal to your business’ system as well as your customers’ phones,” said Asaph Schulman, vice president of marketing at Web and mobile-app security solutions provider Checkmarx. “Making sure your app is secured before releasing it to the public will keep you and your customers happy and safe. Don’t assume that your Web developer will consider security as part of their brief, unless you insist on it.”

Read the whole article at Business News Daily.


5 Ways Outsourcing App Development Security Will Help You Cut Costs

12 Nov 2014 | By Shirley Ben-Dak

IT managers today are faced with many tasks and not enough time to complete them all. While these individuals are primarily tasked with ensuring that their top developers write code efficiently, they are also often regarded as the responsible parent in charge of maintaining application security. Given that web applications often entail the transfer of sensitive information, regulatory requirements are generally the norm. As such, identifying vulnerabilities and company weak spots shouldn’t and can’t be overlooked.

Knowing this, should code security protocols fall under the job description of your headphones-friendly web developer? Below are 5 ways outsourcing app development security will help you cut costs both now and in the future.

Continue reading this article at Nimble.com


Citizen Developers Will Ruin Software, Discuss

30 Sep 2014 | By Forbes

Our use of the term ‘citizen’ has evolved. It has transmogrified from its original context pertaining to: any native or naturalized member of a state or nation who owes allegiance to its government. Today then, citizen means: a consumer-level or non-specialist participant who engages in the formal activities of an established profession. The citizen (insert job title) will typically carry out his or her actions and then subsequently post the results on social networks and various Internet-based forums.

The problem, encapsulated

Here’s the problem in a nutshell. Ask a citizen developer if they think citizen programming is a good thing and they will say yes. Ask a developer and they will say no. Ask a software testing and management company and they will say yes, but only if the software is tested and managed and controlled. Ask a cloud development company and they will say yes, but only if the resulting software is compartmentalized, virtualized away and containerized appropriately. Ask a security-aware code analysis company and they will say yes, but security measures need to be baked into the development process itself so that security checks are not left to the final stage, when there is often additional pressure to complete the project in time for deadlines.

Read the full article at Forbes.


Web Security Tools that Take the Pressure Off Web Designers

25 Sep 2014 | By Peter Lee

Designers can take an idea and turn it into a masterpiece of user interactivity, and because of their competence in all things aesthetic and interface, they’re often asked to undertake tasks that, honestly, should not fall on their shoulders. Yet, they still trudge along in the noble effort to retain clients. One of the worst types of encounters they are faced with comes in the form of web security, which is about as close to web design as a beanie is to jogging shoes. Sure, they’ll get used by the same person, but their origins are wildly different.

In many cases, designers will reach out through channels like Craigslist to find one-off programmers and “security experts” but often end up short in terms of accountability or assurance. But, for those who want to come out of the task looking like an internet champion, there are some security tools available that will not only get the work completed, but they will help keep a website or web app safe for as long as required.

Checkmarx

As a web security service, Checkmarx is one of those end-all, be-all products that will cover anything. Their tools not only cover everything from the OWASP top 10 and SANS list of known security breaches, but they have some killer services that a designer can use to significant effect. As far as these are concerned, the best comes in the form of software code analysis that checks web applications for vulnerabilities and can even deploy fixes for these security holes.

They go far beyond just that, though, and are a trusted enough resource that their clientele includes behemoths like the federal government and Deutsche Telekom (the company behind T-Mobile). Their ability to find system vulnerabilities, as well as offering access to an abundance of tools to fix any issues, makes Checkmarx unbeatable in the realm of security.

Read the original article on TechSheer


Checkmarx Named Fastest Growing Security Company in Israel

23 Sep 2014 | By Sharon Solomon

Checkmarx, a leading developer of static code analysis solutions which identify software security vulnerabilities, has been ranked the #1 fastest growing security company in the Israel Deloitte Technology Fast 50 for 2014 – one of Israel’s foremost technology awards. Checkmarx’s outstanding 1286% growth rate over the last five years positions the company as the 15th fastest growing technology company overall in Israel.

The awards recognize extraordinary growth driven by technology innovation. To determine the fastest growing companies, Deloitte reviewed fiscal year revenues over five years (2010-2014) then calculated and compared the revenue growth percentages. As part of the award, Checkmarx is automatically entered into the Deloitte Technology Fast 500 EMEA: a ranking of the 500 fastest-growing technology companies in Europe, the Middle East and Africa over the last five years.

Checkmarx is a creator of software solutions that secure mobile and web applications during the development process. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and immediately shows developers and security auditors where and how to fix them.

“We are thrilled to be ranked as the fastest growing security company in Israel,” said Asaph Schulman, VP Marketing at Checkmarx. “Being ranked as a Fast 50 Company is the result of many years of hard work and innovation by our team, and is a testament to the impact of Checkmarx’s technology. It is confirmation that our technology is not only groundbreaking, but recognized as integral for securing applications that contain the personal information of millions of people.”

“As the popularity of mobile and web applications rises, it is more urgent than ever to ensure consumer privacy and security. The best way to do this is by checking for vulnerabilities as the app is developed, before any consumer information is put at risk,” he continued.

“Achieving sustained revenue growth of 1286% over five years is a fantastic achievement for a technology company operating in a competitive global economy,” said Tal Chen, partner in charge of the Deloitte Brightman Almagor Zohar Israel Technology Fast 50 Program. “Checkmarx deserves great recognition for its outstanding growth, and we congratulate them for it.”

About Checkmarx:

Checkmarx is a leading developer of software solutions used to identify security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The company’s customers include 4 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including Samsung, Salesforce and the US Army.


Former HP Executive Joins Checkmarx

11 Sep 2014 | By Sharon Solomon

Ron Kormanek, former Hewlett Packard executive, to serve as VP Sales, North America for Checkmarx – a Leading Application Security Solution Provider

Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP of Sales for North America. Ron formerly held the position as VP of Sales for Eastern United States for Hewlett-Packard Enterprise Security Products Group, which included responsibility for HP Fortify, a major competitor to Checkmarx.

“With his vast experience in the application security testing sector, Ron is the ideal candidate to manage the exponential growth we are experiencing in the North American market,” said Emmanuel Benzaquen, CEO of Checkmarx. “With his help, Checkmarx will continue displacing the established leaders in the field of application security and bring our disruptive technology to even more customers across different industries.”

Checkmarx is a provider of SAST software solutions that cover a broad variety of programming languages, securing mobile and web applications from the very beginning of the development. Checkmarx’s technology provides maximum application security for software developers and security experts throughout the software development life cycle (SDLC), in both on premise and on demand models. Recently named as the leading Challenger in the Application Security Testing Magic Quadrant by Gartner, Checkmarx is taking further strides to strengthen the company’s presence globally, and in North America in particular.

Ron brings to Checkmarx over 20 years of experience in the security industry. Prior to joining Checkmarx, Ron worked at Hewlett-Packard for nine years, most recently as VP of Sales in the Enterprise Security Products Division. Prior to HP he held several senior sales positions at McAfee and Ameritech.

“I am delighted to be joining such an innovative and dynamic company as Checkmarx. Its innovative solutions and vision for the future of application security testing highlight why Checkmarx is quickly becoming a leader in the market,” noted the new VP, Ron Kormanek. “The increased reliance on web and mobile applications and their dependency on sensitive consumer information will lead to a demand for excellent and trustworthy application security solutions, and Checkmarx is ideally positioned to meet the challenge.”


How To Future-Proof Security For Your Next App Development Project

4 Sep 2014 | By Shirley Ben-Dak

IT managers must be exhausted. After all, they are well aware of the difficulty in hiring and managing employees to create secure applications, while also focusing on feature design, implementation and testing. These are mammoth tasks that can easily drive costs as well as deter the focus of developers primarily tasked with writing code.

With hundreds of rigorous security regulations set by various countries worldwide, it has become increasingly necessary to find comprehensive solutions to security source code problems. Thankfully, some of these service providers offer user-friendly browser plugins and simple ‘attach code and wait’ frameworks that reveal security threats upon a quick scan of the application’s source code.

Checkmarx is an example of a leading company that has developed precise tools for testing and analyzing code (while supporting a variety of programming languages) to identify invasive security issues. These and similar technologies essentially allow IT managers to reduce both the costs associated with maintaining security professionals as well as those potentially resulting from a failure to adequately address those threats.

With these and other fast-growing providers helping clients future-proof app development security, coders can reduce or eliminate time spent on handling security checking and concentrate their efforts on writing great code.

Read the original article on the SAP Business Innovation Blog.


Application Security Taking Center Stage for Retailers

20 Aug 2014 | By Asaph Schulman

The interconnectedness and rapid development of mobile technology are revolutionizing the consumer market. Retailers have fully computerized mechanisms driven by complex applications to bring their products to the mobile market, which has introduced serious security flaws into the ecosystem that can damage customers and financial giants, jeopardizing entire retail chains. Hackers have increasingly exploited these vulnerabilities in insecure web applications using tools that can easily be found online, resulting in numerous high-profile hackings.

In the past year, serious breaches impacting multinational corporations called into question retail software security. The most impactful of these attacks, sustained by Target late last year, was due to a third-party application that was integrated into Target’s system without being properly screened. Over 70 million customer records with names and email addresses were stolen from point-of-sale stations, and about 2 million credit cards were stolen and resold on the black market. Similar attacks struck retail giant Neiman Marcus and popular restaurant chain PF Chang’s, leading to unauthorized credit card activity and consumer data theft.

Five Ways Retailers Can Secure Applications
1. Implement safe coding practices. While requiring special training for developers and security staff, these practices eventually save an organization time and resources. Safe coding includes using tested code for common tasks, implementing task-specific integrated APIs for various system tasks and denying simultaneous access to shared resources.

2. Create a secure software development life cycle (SDLC). The task of securing retail applications can be completed successfully only by developing them in a secure SDLC. With testing tools (e.g., Source Code Analysis) integrated into the development stages, vulnerabilities can be eradicated early. This is a cost-effective and resource-friendly strategy.

3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can provide hackers with loopholes and vulnerabilities that may bring an entire system down. It’s highly recommended to create a list of guiding security principles for new projects; maintaining a list of recommended software frameworks and components alongside it helps developers and security staff alike.

4. Pick whitelisting over blacklisting and use prepared statements. Use whitelist validation on user input by defining the requests the application allows. This will help sift out malicious input that can exploit underlying vulnerabilities and loopholes. Also, using prepared statements for web application database queries can significantly reduce the risk of SQL injection attacks.

5. Eliminate secure socket layer (SSL) vulnerabilities. SSL protocol ensures the encryption of communications in the application layer. SSL-compliant POS applications use a server certificate to authenticate the server and ensure safe data communication. Applications can face serious security issues when using outdated or misconfigured SSL versions.
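Step 4 above (whitelist validation plus prepared statements) is the most concrete of the five, so here is a worked illustration of it. This is an added example, not code from the article or from Checkmarx: it uses Python's standard-library sqlite3 module, a constructed three-row product table, and an assumed SKU format (`SKU-` followed by four digits) standing in for whatever input shape a real retail application accepts. It puts the string-built "before" query beside a parameterized query and a whitelist check, so the difference in behaviour on malformed input is visible.

```python
import re
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample catalogue (not real data) used to populate an in-memory DB.
SAMPLE_PRODUCTS: List[Tuple[str, str, float]] = [
    ("SKU-1001", "Coffee maker", 49.99),
    ("SKU-1002", "Toaster", 24.50),
    ("SKU-1003", "Kettle", 19.00),
]

# Whitelist: the only shape of SKU the application accepts (assumed format).
# Anything that does not match is rejected outright; we never try to
# enumerate "bad" characters, which is what a blacklist would do.
SKU_PATTERN = re.compile(r"SKU-[0-9]{4}")

Row = Tuple[str, str, float]


def build_catalogue() -> sqlite3.Connection:
    """Create an in-memory products table from the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, sku: str) -> List[Row]:
    """'Before' version: user input is spliced into the SQL text.

    The input becomes part of the query grammar, so a value that is not a
    SKU at all can change which rows the WHERE clause selects.
    """
    query = "SELECT sku, name, price FROM products WHERE sku = '" + sku + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, sku: str) -> List[Row]:
    """Prepared statement: the driver binds the value, it never parses it.

    The same non-SKU string is compared literally against the sku column
    and simply matches nothing.
    """
    return conn.execute(
        "SELECT sku, name, price FROM products WHERE sku = ?", (sku,)
    ).fetchall()


def is_valid_sku(sku: str) -> bool:
    """Whitelist validation: accept only the exact shape the app expects."""
    return SKU_PATTERN.fullmatch(sku) is not None


def lookup_safe(conn: sqlite3.Connection, sku: str) -> Optional[List[Row]]:
    """Both controls together, as step 4 recommends.

    Returns None when the input fails the whitelist (it never reaches the
    database), an empty list when the input is well-formed but unknown,
    and the matching rows otherwise.
    """
    if not is_valid_sku(sku):
        return None
    return lookup_parameterized(conn, sku)


if __name__ == "__main__":
    db = build_catalogue()
    malformed = "' OR 1=1 --"  # constructed non-SKU input for the demo
    print("unsafe rows:", len(lookup_unsafe(db, malformed)))          # 3
    print("parameterized rows:", len(lookup_parameterized(db, malformed)))  # 0
    print("whitelisted:", lookup_safe(db, malformed))                 # None
    print("valid lookup:", lookup_safe(db, "SKU-1002"))
```

The two controls are complementary rather than redundant: parameter binding guarantees the database treats input as data, while the whitelist stops malformed input at the edge, which also keeps it out of logs, error messages and any downstream code that is not a database query.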

The Future of Retail Security
As retailers computerize their businesses and use complex applications, security risks are rising exponentially. This requires a proactive approach to application development strategies, which should revolve around security standards for platforms involving credit card data and financial transactions.

Security requirements should be treated as checkpoints in the development process that can be set during the coding stage, within the source code repositories and during the QA process. Also, safe coding practices are effective in eliminating vulnerabilities and avoiding resource-consuming post-production maintenance.

Traditional security tools (e.g., firewalls) are becoming increasingly ineffective in fighting hackers. A comprehensive security strategy for applications that focuses on secure coding practices and the creation of a secure SDLC can help prevent future incidents within the booming retail industry.

Read the original article at Retail Online Integration here
