Checkmarx Blog

Application Security Resources

21 Application Security Resources No Developer Should Be Without

Dec 11, 2015 By Sarah Vonnegut | The truth of the matter is, you have no idea what will happen to your code once your application is released. Your code may be used again down the line, it may be altered – and it will most certainly be used in ways you never imagined. Can you start to see why security does actually play an important role in organizations which develop applications?   Luckily, if you’re in a position where you interact with code, you have a direct way to help better secure our applications and devices. And with that power comes responsibility – the responsibility of playing your part in helping secure the world’s software.   To help get those working with code a boost in your security education, we’ve curated a collection of application security resources to assist any developer, wherever you are on your journey into the arduous (yet rewarding) world of application security. Because when it comes to Application Security, your education is never complete.
Read More »
Cloud Application Security

All You Wanted To Know About Cloud Security

Dec 09, 2015 By Sharon Solomon | The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud based solutions for their computing needs. While being extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and loopholes that can spell disaster if exploited maliciously.
Read More »
Mobile Payment App Security

New To Mobile Payment Security? Here’s What You Need To Know

Dec 04, 2015 By Sarah Vonnegut | The demand for paying with mobile devices may have gotten off to a slow start, especially in the United States, but the next few years will see the mobile payment landscape explode – IDC estimates that by 2020 the global mobile payment market will be worth nearly $4 trillion.   From paying bills and transferring money to friends and family, paying for coffee before we enter Starbucks, to ordering clothes, food, cabs, and other services – all done through our mobile devices – the landscape for mobile payments has dramatically increased – and security has been left in the dust.
Read More »
Whatyouneed2know

What you need to know – Vtech hacked, but why??

Nov 30, 2015 By Amit Ashbel | What was stolen?
On November 24th, VTech Holdings detected unauthorized access to customer data housed on their Learning Lodge app store database.  The breach occurred on November the 14th – 10 days before it was even detected.
Read More »
Web Application Firewalls

Web Application Firewalls (WAFs): Ethical Hacker Exposes His Secrets

Nov 18, 2015 By Sharon Solomon | In an age where cybercrime is escalating exponentially, picking the right security solution has become extremely crucial. Web Application Firewalls (WAFs) are highly regarded by many leading InfoSec experts, but Pakistani ethical hacker and AppSec expert Rafay Baloch thinks otherwise. To make matters more interesting, he also has the required expertise and POCs to back up his claims.  
Read More »
Blog Headers (1)

DevSecOps: 4 Best Practices the Pros Teach Us About Security and DevOps

Nov 13, 2015 By Sarah Vonnegut | Developers and engineers all around the world are deploying code hundreds of thousands of times a day. Hundreds of millions of lines of code are churned out on a monthly basis, and it’s only going to get faster. Yet the security industry continues to kick our feet about DevOps.   But security teams can’t afford to continue the tip-toeing act we’ve been doing around DevOps. We need to find a way to better integrate our security needs within DevOps processes – and we need to do it fast.  DevOps is here, and it’s up to the security team to determine how security processes and tools will fit into the mix – or risk being edged out.  
Read More »
Secure iOS App Development

40 Tips You Must Know About Secure iOS App Development

Nov 10, 2015 By Sharon Solomon | The iPhone is arguably the most desired smartphone on the planet today, thanks to its shiny metallic hardware and user-friendly iOS 9 mobile platform. Despite Google leading the numbers-game with its open-source Android mobile platform, iOS is often considered to be the safer of the two due to Apple’s stricter security policy and its willingness to sacrifice customizability for the cause. But even this platform has its fair share of vulnerabilities and potential security loopholes that need to be addressed by the developers.
Read More »
Mobile security press roundup-01

The State of Mobile Application Security Press Roundup

Nov 08, 2015 By admin | Think Apple apps are safer than Android? Think again Amanda Schupak, CBS News Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft. Continue Reading Which is safer – iPhone or Android?  Gabriel Avner, Geektime A report that cybersecurity experts Checkmarx and AppSec Labs released today has found a set of critical flaws in how developers are writing code for mobile apps that could put a lot of people at risk. Over the course of the past year, these two companies carried out an audit of hundreds of mobile apps, testing them for vulnerabilities. Among those reviewed were banking apps and others containing essential personal information. Continue Reading
Read More »
apple vs android-01

Think Apple apps are safer than Android? Think again.

Nov 08, 2015 By admin | Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft. Checkmarx marketing vice president Asaph Schulman called the results “nothing short of alarming” and said that if app developers don’t institute better coding practices, “we should expect an increase of major hacks…in the near future.” Thirty-eight percent of the vulnerabilities the researchers identified in the code of a range of app types (including ones, such as banking apps, that handle very sensitive information) were categorized as being of high or critical severity, meaning that a hacker could break in with relative ease. When they compared iOS to Android apps, they found the Apple apps actually had a higher percentage of high vulnerabilities — 40 percent to 36 percent. The irony? This discrepancy might be a result of Apple’s focus on security. Developers willfully bypassing standard protocol were responsible for thousands of apps in Apple’s App Store that were infected with malware from counterfeit code. Revealed in September, the XcodeGhost malware is still active in the U.S. and has even taken a new, more elusive form, according to FireEye security experts. “Software developers need to realize that the security of the apps they produce and publish are entirely dependent on their development toolchain,” said Tod Beardsley, senior research manager at Rapid7, a cybersecurity firm. Checkmarx and AppSec Labs concluded that one of the key steps to ensuring safer mobile apps is educating developers about best practices for protecting their own creations. Read the full article here. 
Read More »
Blog Headers

13 More Hacking Sites to (Legally) Practice Your InfoSec Skills

Nov 06, 2015 By Sarah Vonnegut | Read the first post, 15 Vulnerable Sites to (Legally) Practice Your Hacking Skills here.   There’s a well-known saying that before you judge someone you should always “walk a mile in the other person’s shoes.”  You can’t get the full picture behind a person without first living like they do and understanding what goes on in their heads.     In organizations around the world, there’s a big push to be more “security aware,” and it’s an important part of our jobs. We’re defenders, and we have a big job to do in making sure our applications and systems are secure from any threat that might come at us. But there’s another side to being good at defending your applications and systems. Those dealing with security also need to “walk a mile in the other persons shoes” – but in our case, it’s about understanding the attackers side not so we can empathize, but so we can minimize the risks posed by and to our applications.   
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.