In the News

Remotely Exploitable Flaws Found in Popular IP Cameras

2 Aug 2017 | By Eduard Kovacs

Checkmarx researchers have analyzed a couple of IP cameras from Loftek and VStarcam and discovered several new vulnerabilities and variations of previously found flaws.

In Loftek’s CXS 2200 camera, experts discovered cross-site request forgery (CSRF) flaws that can be exploited to add new admin users, server-side request forgery (SSRF) flaws that can be used for denial-of-service (DoS) attacks and to find other devices on the local network or the Internet, stored cross-site scripting (XSS) bugs that can be used to execute arbitrary code, and file disclosure vulnerabilities.

In the VStarcam C7837WIP camera, researchers found stored XSS, open redirect, and forced factory reset weaknesses. Both cameras allow attackers to manipulate HTTP responses, which can be useful for conducting XSS, cross-user defacement, cache poisoning and page hijacking attacks.

 

Click here to read the full article 


Checkmarx: Proactive Threat Protection

31 Jul 2017 | By CIO Review

Today’s cyber landscape leaves no room for mistakes when it comes to the security of software and applications. Enterprises are well aware of the harsh consequences of a cyberattack. Moreover, with end users expecting software vendors to deliver cutting edge software at the speed of light, enterprises find themselves constantly juggling between quick releases and secure releases. “The current approach toward fixing security vulnerabilities at the end of the software development lifecycle creates a recurring cycle of delivery delays,” states Emmanuel Benzaquen, Checkmarx’s CEO. In light of this, Checkmarx is reshaping the ways of application security testing by tapping into the DevOps cycle as early as where developers are coding, making security a seamless and effortless component of the process. “We believe the sooner security vulnerabilities are fixed, the faster the application delivery will be,” he adds.

 

Click here to read the full article


Playing Games To Learn Code, Checkmarx Acquires Codebashing

26 Jul 2017 | By Adrian Bridgwater

Application security testing company Checkmarx has now acquired the somewhat aggressively named Codebashing, a company that specializes in game-like application security education and training for software application developers.

 

Read the full article on Forbes


Checkmarx acquired Codebashing

26 Jul 2017 | By Christian Hargrave

Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.

Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as it appears. Moreover, participants tend to retain only a fraction of the materials in between the traditional “annual” training cycles.

 

Click here to continue reading 


Checkmarx Acquires Codebashing to Redefine Secure Coding Education

25 Jul 2017 | By Dark Reading

Through Acquisition, Checkmarx will Provide Interactive Tools to Further Developer Application Security Knowledge and Deliver Secure Applications Even Faster.

Checkmarx, a global leader in application security testing solutions, today announced its acquisition of Codebashing, a leading application security education company that delivers Game-like AppSec Training for Developers.

Read the full article on Dark Reading


Checkmarx Acquires Codebashing

25 Jul 2017 | By DevOps Digest

Checkmarx announced the acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.

By shifting security left and empowering developers to deliver secure applications, this acquisition allows Checkmarx to introduce continuous, in-context, bite sized secure coding training. Effective training allows enterprises to grow their in-house security skills, which results in fewer vulnerabilities being introduced into code in the first place.

Codebashing delivers a hands-on interactive training platform built by developers for the needs of developers. Education gamification saves precious time and eliminates the need for expensive secure coding courses with irrelevant material, allowing organizations to implement secure coding training in a DevOps and CI/CD environment without impacting delivery timelines.

 

Click here to read the full article 


Israel’s Checkmarx buys security education firm Codebashing

25 Jul 2017 | By Tova Cohen

Israel's Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.

 

Click here to continue reading


SD Times news digest: July 24, 2017

24 Jul 2017 | By Christina Cardoza and Madison Moore

Checkmarx acquires security education provider

Application security testing provider Checkmarx announced the acquisition of Codebashing, an app security education company that delivers game-like app security training for developers. Together, the companies will provide tools to further developer application security knowledge and deliver secure apps.

According to Checkmarx, traditional ways of coding education such as long training courses are not effective. The company hopes to redefine secure coding education with Codebashing by providing hands-on interactive training.

 

Read the full article here


Checkmarx snaps up Codebashing to boost secure coding development

24 Jul 2017 | By Charlie Osborne

Checkmarx has acquired Codebashing, an application security training company.

The application security testing firm said on Monday that the deal is expected to improve Checkmarx's training and the education of development teams faced with an evolving and rapidly-changing IT environment, especially in relation to cybersecurity.

 

Continue reading on ZD Net


SQL injection vulnerability found in popular WordPress plugin, again

3 Jul 2017 | By Max Metzger

Nor is it the first time that a vulnerable plugin has provided a route into WordPress. In 2013, Checkmarx released a report showing that 20 percent of WordPress plugins and seven of the top 10 ecommerce plugins were vulnerable to basic web attacks.

If an attacker were to find a list of plugins that a site uses, they could simply run a scan for known vulnerabilities in those plugins. Most recently, researchers found a “severe” SQL injection vulnerability in the gallery management plugin, NextGEN Gallery.

Amit Ashbel, cyber-security evangelist at Checkmarx, told SC Media UK that the popularity of the platform endures in spite of those holes: “Multiple large scale enterprises and SMBs use WordPress because it really does simplify managing and maintaining a web application. The real power of WordPress are its thousands of plugins which are developed by third parties and are there to provide additional functionality.”

Continue reading on SC Media UK
