Tag : Application Security

Open Source Component Security

How Secure Are Your Open Source Components?

Mar 25, 2016 By Sarah Vonnegut | For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other projects in daily use.
  Yet, for all the positive open source components bring to the table, there is a dark side. For hackers, open source components are a goldmine. Unlike with custom applications developed in organizations, if a hacker finds just one critical vulnerability in the open source code, they can attack any of the hundreds of thousands of systems that use that component in their applications. Just last month, a buffer overflow vulnerability was discovered in the glibc library, allowing attackers to remotely execute malicious code.

</Read More>

Internet of Things (IoT) – Hack My Army

Mar 14, 2016 By Sharon Solomon | It’s now common knowledge that the Internet of Things (IoT) revolution has infiltrated our homes, cars and offices. But even defense forces are going online, with more and more weaponry being operated remotely with the help of dedicated applications. Unfortunately, this has provided politically and criminally motivated hackers with new targets to manipulate. Is the modern army really prepared to fight off the bad guys? Let’s find out.

</Read More>
Blog Headers (5)

RSA Conference 2016: AppSec Track Impressions

Mar 13, 2016 By Amit Ashbel | 2 weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought-leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get the developers engaged with the security process. Buy them in, get their participation and educate them. I couldn’t help thinking to myself how all of these things have been on Maty’s and Checkmarx’s agenda for over 10 years.

</Read More>
Application Security Vulnerabilties

Understanding Application Security Vulnerabilities: Part One

Mar 04, 2016 By Sarah Vonnegut | As hackers start attacking our applications more and more, it is imperative that organizations begin treating security testing with the same enthusiasm they give to quality testing. Just like if there are major functionality issues or a feature isn’t working the product doesn’t ship – the same attitude needs to go for deploying  with major application security vulnerabilities.   This requires a shift in the company culture that makes security seen as everyone’s responsibility – not just the security teams. One of the best ways to help facilitate that change is to spread security awareness among the different stakeholders, educating them in how to take responsibility for security in their jobs.   For CISOs, it may be discussions around the ROI of security testing; for non-technical employees that may include security awareness courses on how to avoid phishing campaigns. For developers, that education needs to be a bit more in depth – developers, after all, are the ones writing the code that needs to be better secured.  

</Read More>
Code Analysis Tools

Static Code Analysis Tools – The AppSec Checklist

Mar 03, 2016 By Sharon Solomon | You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to your organization. Hence, a successful application security program involves picking the right solution for your technical needs, along with features needed for full engagement.

</Read More>
HTML5 Security

All You Wanted To Know About HTML5 Security

Feb 15, 2016 By Sharon Solomon | With Google officially dropping Flash ad support in favor of HTML5, the security aspect of this relatively young programming and scripting language has become extremely crucial. Being a web-based application always invites cybercrime, which means that code integrity is very important. The following article will lay down the most important Application Program Interface (API) coding practices that developers must adopt to boost HTML5 security.

</Read More>
OSI Model

Application Layer Security Within the OSI Model

Feb 04, 2016 By Sharon Solomon | With more and more high-profile hackings taking place in recent years, application security has become the call of the hour. But while the awareness is on the rise, not all security officers and developers know what exactly needs to be secured. One aspect that is often overlooked during development is application layer security. The following article will delve into this very aspect and show how crucial it is to protect applications inside-out.

</Read More>

Israeli IT Prodigies Visit Checkmarx HQ

Jan 27, 2016 By Sharon Solomon | Checkmarx is continuing its tradition of hosting the brightest programming and computing minds from Israel’s leading academic institutions. This year it was a group of young kids who are currently honing their skills at the Tel Aviv University (TAU). They are a part of a special program that will enable them to complete their college degree by the age of 18. Here are a few highlights from their visit at the Checkmarx headquarters in Tel Aviv.

</Read More>
Smart City

Internet of Things (IoT) – Hack My Smart City

Jan 21, 2016 By Sharon Solomon | The modern metropolitan is becoming more and more computerized. Mega computers are running the show in more ways that can be comprehended – traffic signals, electricity networks, water supply pipes, public transport services and other civil utilities. While the Smart City concept is improving the standards of urban services, how safe really is it for us? How can these automated systems stay safe from hackers and cyberattacks?

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.