Checkmarx Blog

static code analysis

Static Code Analysis: Binary vs. Source

Nov 21, 2017 By Dafna Zahger | “The application security testing market is growing rapidly … This is the highest growth of all tracked information security segments, as well as the overall global information security market” – Gartner’s 2017 Magic Quadrant.   Within the broad and ever growing application security realm, code analysis has become a standard which is practiced by leading companies across markets and fields. This leads to a variety of Static Code Analysis solutions: the technique of automatically analyzing an application’s source and binary code to find security vulnerabilities.
Read More »
blog-android-webview_-secure-coding-practices

Android WebView: Secure Coding Practices

Nov 16, 2017 By Erez Yalon | This is part one of a three-part series. Click here to read part two.  Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at the interaction habits, for example the way people socialize as individuals or in a group has changed as what was once far away is now at our fingertips.   There is an infinite number of applications and resources available to millions of users. And as these numbers grow, security concerns raise as well.  
Read More »
blog-a-simple-coding-error-put-millions-of-smartphone-users-at-risk-what-you-need-to-know

A Simple Coding Error Put Millions of Smartphone Users at Risk: What You Need to Know

Nov 15, 2017 By Arden Rubens | As many as 180 million smartphone users are at risk of having texts and calls hijacked by hackers – all due to a simple coding error in at least 685 different mobile apps. A warning was released by the cybersecurity firm Appthority late last week. According to Appthority, the vulnerability (known as Eavesdropper) could let hackers inside an app to access confidential knowledge, without the user knowing.  
Read More »
blog-october-infographoc

October 2017: Top Hacks and Breaches [INFOGRAPHIC]

Nov 02, 2017 By Arden Rubens | Another month, another absurd amount of data breached. The start of October saw an update in one of the most notorious data breaches of all time: Yahoo said in a statement that all 3 billion of its accounts were hacked in data breach which occurred in 2013. This tripled the original number of thought accounts breached, which already holds the record of data breached.
Read More »
blog-is-your-childrens-data-safe-from-the-mitm

Is Your Child’s Data Safe From The Man In The Middle?

Oct 24, 2017 By Dafna Zahger | With a whopping 2.2 billion gamers and $46.1B in revenue for mobile games (42% of the market), chances are you and\or your loved ones play mobile games. Children are no exception, according to a Nielsen research piece from earlier this year, most children get their own mobile phone between ages 10 – 12. It seems that we have grown accustomed to the dangers of mobile hacks and breaches, but when it comes to children’s safety, do we raise the flag often enough? Many of the mobile games that are most popular among children and teens are highly vulnerable, almost inviting hackers into our, and our children’s lives.  
Read More »
blog-south-african-breach-1

South Africa’s Biggest Data Breach: What You Need To Know

Oct 23, 2017 By Arden Rubens | A trove of data containing the personal information of more than 60 million South African citizens has been breached in the biggest data breach to hit South Africa. The breach was discovered by security researcher and creator of Have I Been Pwned, Troy Hunt.  
Read More »
blog-microservices

Continuous Security Testing for Microservices

Oct 18, 2017 By Dafna Zahger | Being a part of today’s tech-industry, you probably notice all winds blowing towards the implementation of DevOps and CI\CD methodologies, and rightfully so. Today’s software developers face an ever growing need for speedy development-to-production cycles with uncompromising security and reliability. One way of facing the speed versus quality challenge is the introduction of microservices.  
Read More »
blog-3-ways-to-prevent-xss

3 Ways to Prevent XSS

Oct 09, 2017 By Sarah Vonnegut | When we discuss vulnerabilities in applications, there are different categories that we come across. Some vulnerabilities are extremely common yet allow for little or no damage should an attacker discover and exploit them, while others are incredibly rare but can have major, lasting impact on the organizations behind the attacked application. Then, there’s the third category: Common and deadly. Cross-Site Scripting,  commonly shortened to XSS, is one of the most common vulnerabilities found in applications, and can cause serious damage given the right time and the right attacker.  
Read More »
blog-mobile-hacks-infog

Top Mobile Hacks of 2017 [INFOGRAPHIC]

Oct 02, 2017 By Arden Rubens | Happy October! And we all know what that means… Cooler weather, fuzzy sweaters, pumpkin spiced everything, and National Cyber Security Awareness Month (NCSAM). In honor of NCSAM, we’re taking a dive into the world of mobile and will be sharing ways to keep your developers #CyberAware so that you don’t fall victim to some of the threats, hacks, and breaches we’re discussing in this blog post.
Read More »
blog-why-you-need-automated-security-in-an-agile-software-environment

Why You Need Automated Security in an Agile Software Environment

Sep 25, 2017 By Sarah Vonnegut | Today’s business cycles require faster and more innovative results more than ever before in order to stay competitive. As organizations have started speeding up their time to market, they quickly realized the waterfall methodology was no longer working, and responded with the creation and adoption of rapid application development methodologies. One of those methodologies, agile software development is arguably the most popular of these methodologies, and has been adopted by thousands of organizations around the world.  
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.