In the News

Source code analysis strengthens bank’s security

4 Apr 2017 | By Digitalisation World

A leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers.

This means that four of the largest American banks have adopted Checkmarx to enhance their application security. By working with Checkmarx, the financial institution is prioritizing the security of its assets and customers’ financial and personal data, while also advancing its static code coverage by integrating application security testing and remediation.

Continue reading here

Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security

4 Apr 2017 | By Marc Jacob

Checkmarx announced that a leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This means that four of the largest American banks have adopted Checkmarx to enhance their application security. By working with Checkmarx, the financial institution is prioritizing the security of its assets and customers’ financial and personal data, while also advancing its static code coverage by integrating application security testing and remediation.

 

Click here to read more.

March 2017: The month in hacks and breaches

3 Apr 2017 | By CSO staff

March came in like a lion with news breaking on March 6 that spamming operation River City Media exposed 1.34 billion email accounts, some of which included personal information including full names and addresses. How did this happen? The company failed to properly configure their Rsync backups, wrote CSO’s Steve Ragan.

And that wasn't all the news from March. Scroll down to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.

 

Click here to read the full article.

Free learning resources and tools for security savvy developers

31 Mar 2017 | By Madison Moore

Developers will never be responsible for all of security in an organization, but if they keep up with best practices, resources, and find new ways to secure and deliver good code, they could play a key role in developing resilient software.

Today, most firms have a software security group (or SSG) or a product security group, and they are the team that is responsible for making software security happen. However, they work alongside developers to make sure they too are aware of security best practices, like how to write secure code and do threat modeling.

 

Click here for the full article.

Leading Global Bank Implements Checkmarx Source Code Analysis to Strengthen Security

30 Mar 2017 | By

Checkmarx, a global leader in application security testing, today announced that a leading American international banking and financial services holding company is implementing the Checkmarx solution to further strengthen its security posture and deliver secure applications to its customers. This means that four of the largest American banks have adopted Checkmarx to enhance their application security. By working with Checkmarx, the financial institution is prioritizing the security of its assets and customers’ financial and personal data, while also advancing its static code coverage by integrating application security testing and remediation.

 

Read the full article here

Security resolutions and trends companies need to consider this year

28 Mar 2017 | By Madison Moore

From LinkedIn to Yahoo, companies fell into the hands of hackers and identity thieves in 2016. Each year, companies seem to make the same security resolutions, only to face roadblocks like skill shortages, time constraints and budget issues, which prevent them from implementing good security practices. Experts recommended companies consider the following trends and predictions for 2017, instead of scrambling to fight off attacks for another year.

Software is vital for society’s well being, since it is critical in all aspects of human lives, whether it’s banking or mobile applications or national infrastructure, said Paul Curran, cybersecurity evangelist for Checkmarx (an application security solution company).

 

Continue reading here

THE EU GDPR: what does it mean for application security?

6 Mar 2017 | By Amit Ashbel

With four out of every five businesses using 10 or more business applications, securing those applications should be paramount in the run up to March 2018. There continues to be a certain malaise among many organisations about getting ready for the GDPR, and it's incredibly surprising given the huge penalties for breaches coming into force next year. Judging by the breadth of media reports, organisations freely admit that they are not ready for the EU GDPR. At the same time, these organisations are increasingly using mobile applications so securing those applications should be high on the list of all organisations looking to avoid data breaches.

 

Click here for the full article.

February 2017: The month in hacks and breaches

1 Mar 2017 | By CSO Staff

On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.

Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later,” Lucian Constantin reported.

The month wrapped up with a breach impacting more than 800,000 user accounts from CloudPets, purveyor of smart teddy bears. The culprit: an unsecured, publicly exposed MongoDB database.

But that wasn't all the news from February. Scroll down to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.

 

Read more here

Guest View: Cybersecurity education isn’t a game. Or is it?

28 Feb 2017 | By Amit Ashbel

Security, specifically application security, has become a huge challenge for IT companies worldwide. Actually, most companies in any vertical nowadays have some sort of IT platform they maintain. An increasing number of exploits, causing widespread financial and technical damage, are being reported on an almost daily basis. Yet the biggest vulnerability you have is sitting right under your nose (or next to you). Sixty-six percent of respondents to a recent study from the Ponemon Institute cited employees as the biggest security threat to their company.

As a leader, the best place to start looking for employee vulnerabilities is within your own team. If you look around, you might realize that some of the key IT players and developers are uneducated and sometimes even unaware of security in their code. There’s a big gap between app developers’ coding abilities and their security literacy.

 

Read more here.

Checkmarx announces Open Beta for Scala Programming Language Vulnerability Detection

16 Feb 2017 | By Dawn Nicholls

New York: Checkmarx has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code.

 

Checkmarx is the first static analysis solution to support Scala. The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to identify security and compliance issues in the flows between Scala and Java, and vice versa – enabling applications built using both Java and Scala to be fully analyzed using a single Checkmarx scan. With Checkmarx, users can identify a wide range of potential vulnerabilities in Scala code such as code injections, connection string injections, reflected XSS, SQL injections, stored XSS and many more.

The growing success of the Scala programming language has incentivized organizations globally to shift away from using Java, with Scala predicted to become a preferred choice by developers. Due to the rise in popularity, there is an urgent need to address the risks that may be exposed if coding is not done in a secure manner. Without a way to analyze Scala code statically the industry will soon find itself combating breaches exposed by bad Scala coding techniques.

 

Click here for the full article.
