Checkmarx Blog


Smart Cities: Can My City be Hacked?

Dec 11, 2017 By Sarah Vonnegut | Our connected devices make life easier on us as individuals, and the conveniences afforded to us by connecting technology to the physical world around us are compounded when we expand the reach from individuals to a greater population: entire cities. While cities have been adopting new technologies that connect the physical world to the digital world for decades, the rate at which they do so is reaching new heights, and the technologies themselves are far more advanced. These technologies, and the greater amount of connectivity they allow for, are opening cities up for the greater good…as well as the greater evil.

JavaScript Attacks in WebViews

Dec 07, 2017 By Erez Yalon | This is part two of a three-part series. Click for part 1 and part 3.
JavaScript is widely used due to its outstanding functionality. Its presence in a website can solve many problems; however, it can also introduce critical security issues. It is this very trade-off that has to be carefully analyzed when deciding whether or not to allow JavaScript to be executed in a WebView. Some of the most aggressive JavaScript attacks will be presented in this blog post for awareness, with development teams in mind and as a contribution to the propagation of safe code.

A Closer Look: OWASP Top 10 2017 – Application Security Risks

Dec 03, 2017 By Arden Rubens | Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks they pose, in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three/four years. The list consists of the biggest Application Security Risks according to OWASP.

November 2017: Top Hacks and Breaches [INFOGRAPHIC]

Dec 01, 2017 By Arden Rubens | Recent research confirms that a third of the internet is under attack, with millions of network addresses subjected to DDoS attacks over a two-year period (source). And as I write these monthly hacks and breaches reviews, this statement comes as no surprise. Just because it’s officially the holiday season, it doesn’t mean that hackers will be slowing down. Here’s a roundup of some of November’s notable hacks and breaches.

INFOGRAPHIC: OWASP Top 10 Application Security Risks

Nov 30, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 (PDF) is out. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications. 

Static Code Analysis: Binary vs. Source

Nov 21, 2017 By Dafna Zahger | “The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant. Within the broad and ever-growing application security realm, code analysis has become a standard practiced by leading companies across markets and fields. This has led to a variety of solutions for Static Code Analysis: the technique of automatically analyzing an application’s source and binary code to find security vulnerabilities.

Android WebView: Secure Coding Practices

Nov 16, 2017 By Erez Yalon | This is part one of a three-part series. Click here to read part two. Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at interaction habits: the way people socialize, as individuals or in a group, has changed, as what was once far away is now at our fingertips. There is an infinite number of applications and resources available to millions of users. And as these numbers grow, security concerns rise as well.

A Simple Coding Error Put Millions of Smartphone Users at Risk: What You Need to Know

Nov 15, 2017 By Arden Rubens | As many as 180 million smartphone users are at risk of having texts and calls hijacked by hackers – all due to a simple coding error in at least 685 different mobile apps. A warning was released by the cybersecurity firm Appthority late last week. According to Appthority, the vulnerability (known as Eavesdropper) could let hackers inside an app to access confidential knowledge, without the user knowing.  

October 2017: Top Hacks and Breaches [INFOGRAPHIC]

Nov 02, 2017 By Arden Rubens | Another month, another absurd amount of data breached. The start of October saw an update in one of the most notorious data breaches of all time: Yahoo said in a statement that all 3 billion of its accounts were hacked in a data breach which occurred in 2013. This tripled the number of accounts originally thought to have been breached, which already held the record for data breached.

Is Your Child’s Data Safe From The Man In The Middle?

Oct 24, 2017 By Dafna Zahger | With a whopping 2.2 billion gamers and $46.1B in revenue for mobile games (42% of the market), chances are you and/or your loved ones play mobile games. Children are no exception: according to a Nielsen research piece from earlier this year, most children get their own mobile phone between ages 10 and 12. It seems that we have grown accustomed to the dangers of mobile hacks and breaches, but when it comes to children’s safety, do we raise the flag often enough? Many of the mobile games that are most popular among children and teens are highly vulnerable, almost inviting hackers into our, and our children’s, lives.
