Checkmarx Blog

What you need to know about Stagefright?

Jul 29, 2015 By Amit Ashbel | Let’s start with a temporary workaround that keeps a malicious MMS from being fetched and parsed without your involvement:

1. Open the Hangouts app.
2. Tap the hamburger menu and select “Settings”.
3. Select “SMS”.
4. Set Hangouts as your default SMS app.
5. Uncheck “Auto-retrieve MMS”.

Note that this is a mitigation, not a fix: it only stops the message from being downloaded automatically. A malicious MMS that you open by hand can still trigger the bug, so the workaround buys time until your device vendor ships a patch. Now that we have that out of the way, we can talk about the Stagefright vulnerability itself.
What is Stagefright?
Stagefright is the name of the media library Android uses to parse and play audio and video, and of a set of vulnerabilities in that library which were found, reported and announced by Zimperium, an Israeli enterprise mobile security company. A device can be compromised simply by receiving a specially crafted MMS message: most messaging apps download and process the attached media automatically, so the victim never has to open anything. A successful exploit lets the attacker run code on the phone and, from there, reach the phone’s data.

Static Analysis vs Pen Testing – Which One Is Right For You?

Jul 28, 2015 By Sharon Solomon | Penetration (pen) testing has long been the go-to tool for organizations looking to safeguard their applications. But ever-evolving attack techniques are exposing the shortcomings of a method that probes a running application from the outside, at a single point in time. The growing consensus in security circles is that applications need to be bolstered from the core: the source code. This is exactly where static analysis enters the picture, detecting application-layer vulnerabilities and coding errors in the code itself, before it is deployed.

Must Know Security Buzzwords For Application Builders and Defenders

Jul 24, 2015 By Sarah Vonnegut | In security there is always a new term being thrown around, and anyone involved in the spectrum of security management, from the CISO to the security team to the development team, needs to know what each one means. Without a common language, conversations about security can feel altogether foreign to the different people in the room. Say what you will about buzzwords and how overused they are, but not knowing them can hold your organization back. If you are currently building or working to secure applications at your organization, you really can’t get away without knowing the security buzzwords below.

What you need to know – Ashley Madison’s affair with cyber security

Jul 21, 2015 By Amit Ashbel | 37 million users have had their most sensitive details harvested in the Ashley Madison hack. A group calling itself “The Impact Team” claimed responsibility for the attack, but there is no clear knowledge yet of how it was carried out. Some of the data was published online immediately by the attackers; however, Avid Life Media (ALM, the Toronto-based company that owns the website along with other sites of a similar nature) was able to take down the links and sites pointing to the stolen data.

5 Steps That WILL Raise Your Developers Information Security Awareness

Jul 17, 2015 By Sarah Vonnegut | In the same post where Bruce Schneier famously said that he personally believes “that training users in security is generally a waste of time, and that the money can be better spent elsewhere,” he added an important caveat about training developers. Developers, he wrote, “are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system.”

Internet of Things (IoT): Hack My Ride

Jul 15, 2015 By Sharon Solomon | Automobiles have come a long way since they were introduced to the masses at the beginning of the 20th century. Once judged by the roar of their engines and the comfort of their seats, today’s cars have turned into interactive computers on wheels. With the Internet of Things (IoT) now taking the world by storm, a wide range of vulnerabilities is being exposed in today’s connected automobiles. So what is the security situation right now, and what can be done to ensure automotive safety going forward?

Everybody needs security aware neighbours

Jul 07, 2015 By Amit Ashbel | YIT (Yedioth Information Technologies) is a leading IT company and software house specializing in internet and mobile solutions. Established 15 years ago as the IT arm of the Yedioth Aharonoth Group to supply technology solutions to the entire group, YIT has since used that extensive experience to deliver the same expertise to a range of market-leading customers.

RASP vs WAF – 5 Reasons To Pick RASP

Jul 06, 2015 By Sharon Solomon | The Web Application Firewall (WAF) has become a commonly deployed security tool in organizations worldwide. But this popular approach has shortcomings that reduce it, at best, to a capable monitoring tool: it sits in front of the application and can only infer an attack from the HTTP traffic it sees. Fortunately, application security technology is evolving fast. Runtime Application Self-Protection, commonly known as RASP, instruments the application itself and can see the actual operation an input is about to trigger, which gives it all the makings of the next big vulnerability-buster.

9 Secure Coding Practices You Can’t Ignore

Jul 01, 2015 By Sarah Vonnegut | Writing secure code is no longer an option.

With financially motivated crime at the top of the web application attack food chain, according to the latest Verizon Data Breach Investigations Report, your organization will be hard-pressed to come out on top if it suffers a breach. To keep our organizations and customers secure, software developers must be able to write code that stands the test of time, which is only accomplished with proper techniques and a commitment to consistency throughout the organization.

Checkmarx Receives $84 Million Investment From Insight Venture Partners to Further Accelerate Growth

Jun 25, 2015 By Sarah Vonnegut | Checkmarx, a global leader in software application security, today announced an $84M investment from New York-based venture capital and private equity firm Insight Venture Partners. The new round of capital will be used primarily to further accelerate growth through product innovation and global expansion.
