Checkmarx Blog


The Season of Retail Hacks

Jan 15, 2017 By Arden Rubens | Vera Bradley, a fashion retail brand, is one of the many recent cybercrime victims. This luggage and handbag design company revealed that earlier this year, payment systems at multiple locations were hacked, and that an unknown number of personal payment cards used by customers may have been compromised. With this hack, Vera Bradley joined the large group of retail companies targeted and then successfully attacked by hackers. The group of victim companies includes many heavy hitters such as Target, Home Depot, and Neiman Marcus.

General Data Protection Regulation: A Short Guide to Data Security in the GDPR

Jan 09, 2017 By Sarah Vonnegut | A new wave of privacy and security reform is about to sweep through Europe – and it affects most of the world, as well.   After years of back-and-forth and heated discussions about the current state of data security, the European Union has adopted a new data protection framework, called the General Data Protection Regulation, or GDPR. This Regulation is a totally new legal framework for how personal data is used and processed, and applies well beyond the borders of Europe.

MISRA C: Security Compliance from the Streets to the Skies

Jan 08, 2017 By Paul Curran | The Motor Industry Software Reliability Association (MISRA) is an organization whose mandate is “to provide assistance to the automotive industry in the application and creation within vehicle systems of safe and reliable software.” MISRA’s steering committee is made up of a mixture of automotive manufacturers, such as Ford and Jaguar, component suppliers, as well as the University of Leeds. While MISRA is commonly known for its safety and security standards for the automotive industry, this organization produces comprehensive software guidelines which aim to standardize code safety, security and reliability in software used in a variety of sectors.

2016: The Year in Cyber Attacks [INFOGRAPHIC]

Dec 29, 2016 By Arden Rubens | 2016 has been littered with hacks, breaches and big discoveries of major vulnerabilities. From hundreds of millions in leaked stolen data to the hacks which influenced the US Presidential Election, this year has been very, very busy in terms of cyber attacks. 

Cyber Threats Facing APAC – Government

Dec 27, 2016 By Arden Rubens | According to a report by Deloitte, Singapore, Australia, Japan, New Zealand, and South Korea are the top five countries vulnerable to cyber attacks in APAC, with the stats showing them as nine times more vulnerable to cyber attacks relative to China and India. However, with the growing number of cyber attacks and a growing cyber-war in the region, organizations (primarily governmental) are waking up to the fact that they need a strong defence and means of protection against cyber security attacks.

However, as the cyber security world is constantly evolving, many major government sites and databases are failing to keep up with the latest security trends and do not apply the proper protection to their assets, proving that, when they are breached, the damage can be colossal.

Quick Tips To Secure Your SDLC

Dec 22, 2016 By Arden Rubens | Applications have become as complex as ever, and with the constant evolution and advancement of applications, cyber threats have become one of the biggest risks that organizations today face – and as most of the past cyber attacks on organizations teach us, those risks can be absolutely disastrous. Therefore, along with the increased business risks and concerns correlating with insecure software, the attention from organizations is significantly more focused on building securely.

From McAfee to Verizon: Violations of the OWASP Standards Making the Headlines

Dec 20, 2016 By Paul Curran | The Open Web Application Security Project (OWASP) Web Top 10 list has long been the “Gold Standard” for application security testing and when it comes to the Web Top 10, the OWASP standards are due for an update in 2017. Typically, this list is updated and adjusted every three years (as it was in 2007, 2010 and 2013) to account for changes in the threat landscape for web applications. However, the current OWASP Web Top 10 has not been updated since 2013.

Cyber Threats Facing APAC – Finance

Dec 15, 2016 By Arden Rubens | Technology is undoubtedly a major part of the modern day world; with such widespread use and with more private information and data exchanged, the risk of cyber attacks increases – as do the damage levels which come as a result. As many different corners of the world are under constant threat by hackers worldwide, let’s take a closer look at one of the most dynamic technological landscapes – APAC (Asia Pacific) – and its areas under constant cyber threat.

Asia Pacific is quickly gaining on the rest of the world as a leader in information technology. According to Gartner, Singapore, Malaysia, Indonesia and Thailand are among the countries to invest the most in IT, in addition to quickly adopting technologies such as IT outsourcing, the hybrid cloud, and the Internet of Things, therefore putting the region as a whole on the IT map. But with the huge increase in technology and internet usage come new and prominent cyber threats.

Checkmarx vs Veracode: AppSec Predictions

Dec 12, 2016 By Maty Siman | Following Joseph Feiman’s post on the Veracode blog, Application Security Predictions for 2017 and Beyond, we are glad to see that a significant number of his predictions aligned with the trends that we have both seen and continue to act on. However, when it comes to certain predictions, our perspective is notably different. Joseph’s predictions focus on adapting security testing solutions to the fast-paced development environments that are increasingly dominating the application development landscape. Therefore, security testing solutions should enable organizations to perform analysis at the earliest stage of the SDLC, specifically during development and ideally by developers. Let’s review Veracode’s predictions while demonstrating how and why Checkmarx’s perspective differs:

Securing the Energy Sector against Industrial Cyber Threats

Dec 08, 2016 By Paul Curran | Late in 2015, just over a month before hackers plunged over 230,000 residents in the Western Ukraine into darkness for 6 hours, Forbes forecasted what they considered to be the biggest cybersecurity threat: The Energy Sector. They were right, and remain correct as the exploits and vulnerabilities of 2016 become the major challenges of 2017. Due to the prevalence of unpatched legacy systems, the high cost of proper security, and the fact that many energy providers cannot afford the downtime to update their systems, the energy vertical is becoming an increasingly attractive target for hackers.