Some Starbucks customers have had money siphoned out of their Starbucks mobile app by thieves using a clever new attack, but Starbucks itself hasn't been hacked, the company said Friday.
It works like this: First, the thieves buy stolen passwords and IDs on the underground market.
They then use an automated program to try the stolen combinations one after another on the Starbucks mobile app until one works, according to application security firm Checkmarx. This is what's called a "brute force" attack. These programs can "process" hundreds of ID-password combinations a second.
If the user has set the app up to automatically reload from their credit card or PayPal account, the thieves can immediately steal again as soon as the app has more money in it, according to application security firm Checkmarx.
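The pattern described above, many stolen ID-password pairs tried in quick succession against one login endpoint, leaves a distinctive trace in authentication logs: a single source failing against many different accounts within a short window, unlike a real user fumbling their own password. As an added example that is not from the article or from Checkmarx, this Python snippet flags such bursts in constructed log lines; the log format, field names, thresholds and IP addresses are all assumptions.

```python
# Added example (not from the article): detect credential-stuffing bursts in
# constructed authentication logs. Format and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "timestamp source_ip username result"
SAMPLE_LOG = """\
2015-05-15T10:00:00 203.0.113.7 alice FAIL
2015-05-15T10:00:01 203.0.113.7 bob FAIL
2015-05-15T10:00:01 203.0.113.7 carol FAIL
2015-05-15T10:00:02 203.0.113.7 dave FAIL
2015-05-15T10:00:02 203.0.113.7 erin OK
2015-05-15T10:00:03 203.0.113.7 frank FAIL
2015-05-15T10:05:00 198.51.100.4 alice FAIL
2015-05-15T10:05:30 198.51.100.4 alice FAIL
2015-05-15T10:06:00 198.51.100.4 alice OK
"""

def parse_log(text):
    """Parse the constructed format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_credential_stuffing(events, window=timedelta(seconds=60),
                               min_failures=4, min_users=3):
    """Return {ip: {"distinct_users": n, "compromised": {users}}} for source
    IPs that fail against many *different* accounts inside `window`.
    Accounts that logged in OK during the burst are the likely takeovers.
    A lone user retrying their own password (198.51.100.4) is not flagged."""
    by_ip = defaultdict(list)
    for ev in sorted(events):          # chronological order per source IP
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):    # sliding window over this IP's events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            failed_users = {u for _, _, u, r in span if r == "FAIL"}
            failures = sum(r == "FAIL" for *_, r in span)
            if len(failed_users) >= min_users and failures >= min_failures:
                a = alerts.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                a["distinct_users"] = max(a["distinct_users"], len({u for _, _, u, _ in span}))
                a["compromised"] |= {u for _, _, u, r in span if r == "OK"}
    return alerts
```

A hit on `compromised` is the signal to force a password reset and pause auto-reload for that account, rather than only blocking the source IP, since the attacker already holds a working credential.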
Read the full article here.
In its third year of coordinating cyber attacks against Israel, the online “hacktivist” group Anonymous decided to up its rhetoric. On April 7, the group promised in a video, it would unleash “an electronic Holocaust” on the Jewish state, threatening to wipe Israel from the cyber-security map.
Though Anonymous garnered plenty of media attention, the question is whether it did any lasting damage. Most analysts saw it as a childish nuisance; one pro-Israeli hacktivist even broke into an OpIsrael website and posted messages defending the Jewish state. “As long as it’s a dispersed effort [comprised of] ad-hoc teams getting together for activist causes, I don’t see that as a major threat. We should be more concerned about Russia or China, which have real cyber armies,” said Asaph Schulman, vice president of marketing at Checkmarx. “It’s not like the Chinese trying to hack Lockheed Martin for the latest IP in aerodynamics.”
This article was originally featured in the Jerusalem Post. Read the rest of the article here (PDF).
Brilliance Security Magazine had the good fortune of sitting down with Maty Siman, Founder and CTO of Checkmarx, at the RSA Conference in San Francisco. Mr. Siman’s obvious intelligence and humble demeanor enable him to stand out as a notable leader in the security industry. Founded in 2006 and headquartered in Tel Aviv, Checkmarx develops Static Code Analysis solutions which enable organizations to introduce security into their Software Development Lifecycle.
Read the full article here.
The new partnership between Virtual Forge and Checkmarx offers companies a powerful platform for testing and ensuring the application security of business applications, including those that are developed in SAP ABAP.
Many data breaches still take place through the exploitation of vulnerabilities and security holes in software. Many companies therefore see the need to identify application vulnerabilities as early as possible and to fix them. For this very purpose, Static Application Security Testing (SAST) solutions have proven to be an effective means.
As demand to access company information on the move and from mobile devices increases, it places extra strain on security resources.
Existing web application firewalls (WAFs) monitor traffic but don’t have an understanding of the logic of data flows and the behavior of applications. This can make it hard for them to distinguish between legitimate traffic and attacks on apps such as SQL injection and cross-site scripting.
Israel-based security company Checkmarx is launching a run-time application self-protection (RASP) tool called CxRASP which will monitor an app’s bidirectional data flow, enabling the detection of and defense against real-time attacks.
Checkmarx’s technology ‘listens’ at each interaction junction of the app, covering access points between the application and the user, the database, the network, and the file system. With complete visibility into the app’s input and output, CxRASP tailors the protection mechanism to the specific flow within the application to achieve high detection accuracy in real-time. Suspicious activity is flagged when it enters the app, and then verified to see if it is actually malicious at the output to minimize false positives and false negatives. If an attack is identified, the organization is alerted and instructions are sent on how to fix the vulnerability.
“The fast increasing number of applications and the resulting vast amounts of insecure code written and released into production means that we need a more intelligent way to ensure software security,” says Emmanuel Benzaquen, CEO of Checkmarx. “CxRASP is the ultimate way to protect applications as it lets applications do the work of protecting themselves so that security vulnerabilities are revealed and blocked in real-time”.
The product can be integrated with static application security testing tools from Checkmarx and elsewhere to ensure application protection throughout the development process.
This article originally appeared on BetaNews.
The world’s leading information security publications have featured Pakistani security researcher, Rafay Baloch, as one of the top ethical hackers in 2014, putting the 21-year-old Karachiite on top of their lists, The Express Tribune learnt on Thursday.
“Ethical hacking, which makes the information world more secure, is one way we [Pakistanis] can change our country’s negative perception in the world,” said Baloch.
Checkmarx, a source code analysis company based out of Tel Aviv, Israel, recognized Baloch as one of the world’s top five ethical hackers who made the headlines in 2014 for exposing a serious vulnerability – a Same-Origin Policy (SOP) bypass – in Android’s Open Source Platform browser (versions older than 4.4).
The recognition comes from a company that has, arguably, the best tool for Static Application Security Testing. Checkmarx was ranked number one for static analysis in “Critical Capabilities for Application Security Testing”, a 2014 report by the world’s leading information technology research and advisory company, Gartner.
Read the rest of this article here.
TEL AVIV, Israel, Dec 30, 2014 (BUSINESS WIRE) -- Checkmarx, web and mobile Application Security Testing (AST) solutions provider, was positioned as a Leader in The Forrester Wave™: Application Security, Q4 2014.
Forrester Research, Inc. invited 12 AST solution providers to participate and rated the providers based on 82 specific criteria within their current offerings, strategies, and market presence. The report offers a comprehensive assessment of each vendor for security and risk professionals. In Forrester’s evaluation, Checkmarx received among the highest scores for Customer References, Corporate Strategy and Developer Education and Training.
“Checkmarx’s solution has strong functional capabilities in deployment, concurrent use, scanning automation, configurable rules and scans, target scanning, and multiple user report,” the report noted. “The Checkmarx offering has strong static analysis levels around source code scanning, varied language and framework support, analysis levels, and custom static analysis rules.”
Read the rest of the release here.
It’s kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we tend to want to wait until everything’s perfect (and way more costly) before we get started. This reminds me of the Mark Victor Hansen quote:
“Don’t wait until everything is just right. It will never be perfect. There will always be challenges, obstacles and less than perfect conditions. So what. Get started now. With each step you take, you will grow stronger and stronger, more and more skilled, more and more self-confident and more and more successful.”
I wrote this article in conjunction with the nice folks at Checkmarx who happen to produce the best static source code analysis tool I’ve used…especially given its price compared to the competition – it’s not even in the same galaxy as some of the others out there. Definitely worth checking out.
Check out Kevin's blog for more.
1. Secure your mobile apps
You know you need to protect your business’s website and payment system, but what about your mobile app? If you’ve created an app for your customers to use, it may not be as secure as you think.
“Mobile apps serve as a portal to your business’ system as well as your customers’ phones,” said Asaph Schulman, vice president of marketing at Web and mobile-app security solutions provider Checkmarx. “Making sure your app is secured before releasing it to the public will keep you and your customers happy and safe. Don’t assume that your Web developer will consider security as part of their brief, unless you insist on it.”
Read the whole article at Business News Daily.
IT managers today are faced with many tasks and not enough time to complete them all. While these individuals are primarily tasked with ensuring that their top developers efficiently write code lines, they are also often regarded as the responsible parent in charge of maintaining application security. Given that web applications often entail the transfer of secure information, regulatory requirements are generally the norm. As such, identifying vulnerabilities and company weak spots shouldn’t and can’t be overlooked.
Knowing this, should code security protocols fall under the job description of your headphones-friendly web developer? Below are 5 ways outsourcing app development security will help you cut costs both now and in the future.
Continue reading this article at Nimble.com