Tag : Application Security

Monetary Authority of Singapore (MAS) Embraces SAST

Nov 15, 2013 By Sharon Solomon | Application security in Financial Information Systems (FIS) has become a must in today’s malicious cyberspace. Due to the wide range of solutions in the market, many software executives find it hard to pick the right defense strategy for their systems, which contain highly sensitive details and valuable information.


Microsoft releases Security Advisory, Windows Users at Risk

Nov 08, 2013 By Sharon Solomon | In a sudden turn of events, Microsoft has released a Security Advisory regarding a vulnerability in some of its most common software versions. This security flaw can allow hackers to execute code remotely by gaining full access to users’ computers.


Checkmarx: Challenging The Application Security Field

Nov 05, 2013 By Sarah Vonnegut | This article originally appeared in Israeli publication The Marker. Read it in Hebrew here. 
By Jonathan Raveh
In a world where security breaches can cause enormous daily losses of up to millions of dollars, companies have started to develop a deeper understanding of what it takes to protect and secure the digital side of their operations as tightly as possible.


“It will never happen to me”- thoughts about security awareness

Mar 28, 2013 By carolineb | Today’s targeted cyber-attacks force organizations to act rapidly and involve more and more security professionals in order to secure their software. Security education awareness focuses on the need to involve developers in the security testing process. These are great blog posts surrounding security awareness and education; we thought they were worth a share.


What’s HOT in Application Security Vol #40

Jan 14, 2013 By asaphs | Shape Security: Getting Down to the Root of Hacking
When treating an illness, it is generally more effective to treat the source of the problem rather than the symptoms. Shape Security is trying to do the same in the field of website security. While all other products are geared towards a faster, cheaper, and better way of preventing and stopping attackers, Sumit Agarwal, co-founder and vice president of Shape, claims that they are “striking at the core mechanics of how those things work and making them harder to do in the future” by focusing on cutting-edge attackers and the crimeware ecosystem. Basically, it won’t be “offensive security” but defensive security, making it harder and more costly to do any damage.


Wishing you a Season’s Greeting and a Happy New Year!

Dec 18, 2012 By carolineb | For the first time ever, Checkmarx conducted a comprehensive survey of security professionals, their peers and family to see exactly how this profession is perceived…
Happy New Year!


What’s HOT in Application Security Vol #39

Dec 13, 2012 By asaphs | 2013 Threat Predictions
This past week, one of the frontrunners in high-performance network security announced their predictions for the top threats of 2013. The following are highlights of the top 3.

1. Advanced Persistent Threats (APTs) – Generally known to target specific classified information by using various methods and vectors, this coming year they are predicted to target high-powered civilians such as CEOs, celebrities, and politicians. This prediction will be hard to verify since the attacker could easily remove the malware undetected and those who become aware will probably keep it hidden from the media anyway. The targeted information is likely to be used for criminal activities such as blackmail.

2. Two Factor Authentication – It seems as if one password is not enough to be secure these days. Anyone could easily download a program which can crack an alpha-numeric password no problem. Next year, we’ll likely see more web-based logins that will require a password plus a secondary password which will be either sent via SMS or a stand-alone security token.

3. Targeting Machine-to-Machine (M2M) Communications – M2M communications allow wireless and wired machines to communicate with other devices which can solve many human error problems. However, the security of these systems is still questionable. Hacking into M2Ms has not been seen yet, but this is likely to happen next year unless there is improvement in their security.

For more information visit http://www.equities.com/news/headline-story?dt=2012-12-10&val=807181&cat=goods.


What’s HOT in Application Security Vol #38

Dec 03, 2012 By asaphs | Hacking Group ‘Anonymous’ attacks Syrian Government websites In Response To Syrian Internal Internet Blackout
In response to a Syrian government move which has closed all fax, phone and Internet lines coming out of the troubled country, the hacking group ‘Anonymous’ started last Friday to attack and shut down government and affiliated pro-Syrian websites.


What’s HOT in Application Security Vol #37

Nov 20, 2012 By asaphs | Hacktivists reach a new level of cyber terror in Israel
Since the outbreak of hostilities between Gaza and Israel, several Israeli companies as well as those doing business with them have absorbed quite a few cyber attacks. According to various sources, 44 million attacks have been prevented since rockets began falling.

