Checkmarx Blog


The Forrester SAST Wave: A Tale of Customer Betrayal

Dec 12, 2017 By Moshe Lerner | Checkmarx leads the SAST market and displays the most significant and impressive growth in the industry. Nevertheless, Forrester has placed Checkmarx in the “Strong contenders” section of its 2017 SAST Wave. The Forrester SAST Wave process exposes Forrester’s lack of market understanding when it comes to SAST and misleads its readers. Questionable ethics during the process and a lack of market familiarity can be found across the report, and even more concerning is that fact validation is based on product documentation only, with no reference customer surveys. In this blog post, we describe, explain and demonstrate why the Forrester Wave fails to reflect the SAST market.

Smart Cities: Can My City be Hacked?

Dec 11, 2017 By Sarah Vonnegut | Our connected devices make life easier for us as individuals, and the conveniences afforded to us by connecting technology to the physical world around us are compounded when we expand the reach from individuals to a greater population: entire cities. While cities have been adopting new technologies that connect the physical world to the digital world for decades, the rate at which they do so is reaching new heights, and the technologies themselves are far more advanced. These technologies, and the greater amount of connectivity they allow for, are opening cities up for the greater good… as well as the greater evil.

JavaScript Attacks in WebViews

Dec 07, 2017 By Erez Yalon | This is part two of a three-part series. JavaScript is widely used due to its outstanding functionality. Its presence in a website can solve many problems; however, it can also introduce critical security issues. This trade-off has to be carefully analyzed when deciding whether or not to allow JavaScript to be executed in a WebView. Some of the most aggressive JavaScript attacks are presented in this blog post to raise awareness, with development teams in mind and as a contribution to the spread of safe code.

A Closer Look: OWASP Top 10 2017 – Application Security Risks

Dec 03, 2017 By Arden Rubens | The Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks they pose, in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three to four years. The list consists of the top Application Security Risks according to OWASP.

November 2017: Top Hacks and Breaches [INFOGRAPHIC]

Dec 01, 2017 By Arden Rubens | Recent research confirms that a third of the internet is under attack, with millions of network addresses subjected to DDoS attacks over a two-year period (source). And as I write these monthly hacks and breaches reviews, this statement comes as no surprise. Just because it’s officially the holiday season, it doesn’t mean that hackers will be slowing down. Here’s a roundup of some of November’s notable hacks and breaches.

INFOGRAPHIC: OWASP Top 10 Application Security Risks

Nov 30, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 (PDF) is out. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications. 

Static Code Analysis: Binary vs. Source

Nov 21, 2017 By Dafna Zahger | “The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant. Within the broad and ever-growing application security realm, code analysis has become a standard practiced by leading companies across markets and fields. This has led to a variety of Static Code Analysis solutions. Static Code Analysis is the technique of automatically analyzing an application’s source and binary code to find security vulnerabilities.

Android WebView: Secure Coding Practices

Nov 16, 2017 By Erez Yalon | This is part one of a three-part series. Click here to read part two.  Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at the interaction habits, for example the way people socialize as individuals or in a group has changed as what was once far away is now at our fingertips.   There is an infinite number of applications and resources available to millions of users. And as these numbers grow, security concerns raise as well.  

A Simple Coding Error Put Millions of Smartphone Users at Risk: What You Need to Know

Nov 15, 2017 By Arden Rubens | As many as 180 million smartphone users are at risk of having texts and calls hijacked by hackers, all due to a simple coding error in at least 685 different mobile apps. A warning was released by the cybersecurity firm Appthority late last week. According to Appthority, the vulnerability (known as Eavesdropper) could let hackers inside an app access confidential knowledge, without the user knowing.

October 2017: Top Hacks and Breaches [INFOGRAPHIC]

Nov 02, 2017 By Arden Rubens | Another month, another absurd amount of data breached. The start of October saw an update in one of the most notorious data breaches of all time: Yahoo said in a statement that all 3 billion of its accounts were hacked in a data breach which occurred in 2013. This tripled the number of accounts originally thought breached, which already held the record for data breached.