Check Point Software TechnologiesCyber Security workshopcybersecurityGlilot Capital Partnersstronger togetherThe Israel National Cyber Directorate Cyber Security Workshop: Stronger Together Nov 13, 2018 by Shahar Alon Last week at Checkmarx we hosted an official delegation from Thüringen, Germany for a Cyber Security workshop organized by Checkmarx, AHK Israel, and LEG Thüringen, the State Development Corporation, under the theme “Stronger Together.” The workshop was designed to serve as a knowledge exchange platform between all participating parties from Israel and Germany, at all Read More › Check Point Software TechnologiesCyber Security workshopcybersecurityGlilot Capital Partnersstronger togetherThe Israel National Cyber Directorate
application security toolsApplication security trainingappsec educationAppSec education programappsec-aware culturedeveloper trainingSecure Development Training Program How Can You Get More from Your AppSec Education Program? Nov 9, 2018 by Kurt Risley Forbes recently published an article titled “The Cybersecurity Talent Gap Is An Industry Crisis” – and without question, there’s a real lack of cybersecurity talent. Cybersecurity Ventures predicts about 3.5 million unfilled cybersecurity job openings by 2021! The need for cybersec talent is undeniable. According to Gemalto, data breaches compromised 4.5 billion records in just Read More › application security toolsApplication security trainingappsec educationAppSec education programappsec-aware culturedeveloper trainingSecure Development Training Program
application security toolsBest practicesDeveloper EducationDevOpskey threatsopen source security testingsoftware securitysoftware security program Managing Software Security: 10 Essential Best Practices [Infographic] Nov 7, 2018 by Haidee LeClair Is your software security program up to the challenges of a rapidly accelerating software delivery environment? Most aren’t – and it’s challenging to both identify the problems and determine the best ways to manage software security in a DevOps environment. Learn some of the essential best practices for managing software security now. Educate Your Team Read More › application security toolsBest practicesDeveloper EducationDevOpskey threatsopen source security testingsoftware securitysoftware security program
binary patchingcode tamperingCycriptdynamic memory modificationExtraneous FunctionalityFridaInsecure CommunicationInsecure Direct Object Referenceslocal resource modificationmethod hookingmethod swizzlingMobile bankingOWASP Mobile Security Testing GuideReverse Engineering iOS AppsSwift (More) Common Security Mistakes when Developing Swift Apps – Part II Nov 2, 2018 by Paulo Silva In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read it, please take a few minutes to review this information. It’s critical to understand these mistakes as well as the ones I’m sharing Read More › binary patchingcode tamperingCycriptdynamic memory modificationExtraneous FunctionalityFridaInsecure CommunicationInsecure Direct Object Referenceslocal resource modificationmethod hookingmethod swizzlingMobile bankingOWASP Mobile Security Testing GuideReverse Engineering iOS AppsSwift
AjaxBrendan Eichcomponent languageECMAECMA-262ECMAScriptEuropean Computer Manufacturers AssociationInternet ExplorerJavaJavaScriptJavaScript HistoryJavascript Secure Coding PracticesJScriptLiveScriptMochaNetscape Navigatorscripting languageweb browsers The History of JavaScript [INFOGRAPHIC] Oct 30, 2018 by Arden Rubens Brendan Eich, a Netscape Communications Corporation programmer, created JavaScript in September 1995. It took Eich only 10 days to develop the scripting language, then known as Mocha.Let’s step back to look at this complex JavaScript history. Why Put the Java in JavaScript? When Eich created JavaScript in 1995, he created it for Netscape Navigator and Read More › AjaxBrendan Eichcomponent languageECMAECMA-262ECMAScriptEuropean Computer Manufacturers AssociationInternet ExplorerJavaJavaScriptJavaScript HistoryJavascript Secure Coding PracticesJScriptLiveScriptMochaNetscape Navigatorscripting languageweb browsers
Certificate PinningCryptographydata storageInsecure CommunicationInsecure Data StorageKeychainOWASP 2016 Mobile Top 10SSL CertificatesSwiftSymmetric Key Algorithms Common Security Mistakes when Developing Swift Applications – Part I Oct 21, 2018 by Paulo Silva Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many others at Apple Inc., Swift is a general-purpose, multi-paradigm, compiled programming language. Although first released as a proprietary programming language, version Read More › Certificate PinningCryptographydata storageInsecure CommunicationInsecure Data StorageKeychainOWASP 2016 Mobile Top 10SSL CertificatesSwiftSymmetric Key Algorithms
air gapair gappingair-gapped systemsAndroidAndroid's NFC designattack surfacedata exfiltrationdata leaksnear field communicationNFCNFC frequencyNFC radioNFCdripRFIDvulnerable IoT objects Meet NFCdrip – a New Security Concern for Air-Gapped Systems Oct 18, 2018 by Haidee LeClair Air-gapping means physically isolating a secure computer from unsecured networks, such as the public Internet or an unsecured local area network. The concept of air-gapping represents just about the maximum protection one network can have from another, other than actually turning off the device. Typically, military or governmental computer systems, financial computer systems, industrial control Read More › air gapair gappingair-gapped systemsAndroidAndroid's NFC designattack surfacedata exfiltrationdata leaksnear field communicationNFCNFC frequencyNFC radioNFCdripRFIDvulnerable IoT objects
HTTPSMan in the MiddleMitMpublic Wi-Fipublic Wi-Fi securitypublic wireless securitySSLvirtual private networkVPN 10 Tips to Take Control of Your Public Wi-Fi Security Oct 17, 2018 by Guy Cohen The amazing ability to surf from anywhere sometimes distracts us from a very basic fact: the information may flow to us – but it can flow from us, in other, undesirable directions.So whether you are on your way to a vacation in a city that offers public Wi-Fi or you live in a city that Read More › HTTPSMan in the MiddleMitMpublic Wi-Fipublic Wi-Fi securitypublic wireless securitySSLvirtual private networkVPN
Best practicesDevOpsDevOps toolsDevOps workflowssecurity trainingssoftware security program Learn 10 Key Tips to Make Your Software Security Program Thrive Oct 11, 2018 by Liora R. Herman The DevOps era brings together skyrocketing complexity with white-hot speed of delivery to create growing value and responsiveness in software design. Companies such as Amazon deploy code every 11 seconds, while Facebook executes 50,000 builds each day. With so much complexity and speed, the risk of security vulnerabilities slipping through the cracks is magnified intensely. Read More › Best practicesDevOpsDevOps toolsDevOps workflowssecurity trainingssoftware security program
chromecontent security policyEdgeFIrefoxhash generationInternet ExplorerSafariSRISubresource Integritythird-party resourcesTrust in Security What’s in Your Website? Lurking Risk from Third-party Resources Oct 9, 2018 by João Morais Address Risk from Third-party Resources with Subresource Integrity (SRI) In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, third-party resources provide important functional or business value. When organizations are asked how they’re addressing the potential security risks, the people responsible for Read More › chromecontent security policyEdgeFIrefoxhash generationInternet ExplorerSafariSRISubresource Integritythird-party resourcesTrust in Security