Tag: Application Security


Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Jan 22, 2014 By Sarah Vonnegut | Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, their goal is to manually exploit application and network level flaws in servers across the globe. If it sounds malicious, it’s just because it mimics real world vulnerability exploitations that happen every day. In fact, this specific activity is meant to be educational – and the hackers in question are actually students hacking from their universities.
This year, 123 teams from around the world simultaneously connected to UCSB’s servers from their respective countries for the iCTF ‘Capture the Flag’ competition. The theme was “Nuclear Cyberwar,” and each team was to patch and keep their own nuclear enrichment plant secure before trying to hack other teams’ systems by seeking out and exploiting system flaws.
The competition grew organically out of Vigna’s advanced computer security classes as well as his own experience with CTFs; in fact, his team, Shellphish, won the 2005 DefCon Capture the Flag. As a professor, Vigna would hold a vulnerability analysis contest at semester’s end, where half the class would act as attackers and the other half as defenders. It soon turned into a hacking contest and then became so popular that other professors took notice. The rest is hacking history. The competition has grown from 12 students in the U.S. to 1,300 participants from 40 different countries this year.


DevOps & Security: Top 3 Myths Debunked

Jan 16, 2014 By Sarah Vonnegut | This post is based on our AppSec How-To Paper on Achieving Security in DevOps, which you can access here.
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it’s a process that continues to get more streamlined, faster and more efficient – and your deployments will be that much better if they’re also fully secure before release time comes.


And The Winner of AppSecTip 2014 is….

Jan 01, 2014 By Sarah Vonnegut | Our #AppSecTip survey was a smashing success, thanks to the many amazing security pros who added their best pieces of AppSec advice! After two months of voting and some very close calls, we have finally arrived at the big announcement. So who takes the awesome AR Drone prize home?
Drum roll, please……


This Week in AppSec: December 23–29, 2013

Dec 29, 2013 By Sarah Vonnegut | Christmas week did not exactly bring out the best in some this year – especially when it came to breaches and vulnerabilities. Between Target’s mess of 40M customer records breached, Snapchat’s security fail, Samsung’s vulnerability and Dogecoin’s first hack on Christmas Day, the last full week of 2013 was not Application Security’s best. Let’s take a look, shall we?


This Week In Application Security: December 16-22, 2013

Dec 22, 2013 By Sarah Vonnegut | If we’re measuring it in cyber-drama, it’s certainly a holiday season to remember! The past week saw what is potentially the most damaging data breach of 2013 with over 40 million Target customers at risk of credit fraud. On top of that, a major media site got hit for the third time in the same number of years, Israeli-security firm RSA had an NSA kind of week, and a report exposed a newly discovered type of side channel attack using just your computer’s sound to decrypt sensitive data.


Checkmarx Reaching New Heights – Now Second Highest Ranked Security Company In 2013 Deloitte Fast 500

Dec 16, 2013 By Sharon Solomon | Checkmarx is breaking all barriers. The Israeli IT Security firm has stormed into the Deloitte top-500 fastest growing EMEA companies, taking 69th place overall in the 2013 rankings. Technology Top 500 is a unique ranking research project, conducted annually by Deloitte Touche Tohmatsu Limited (DTTL). Technology, telecommunications, software and internet companies are scanned and studied during the ranking process. Both private and public sector concerns are eligible for evaluation.


Application Security News – December 9 – 15, 2013

Dec 15, 2013 By Sarah Vonnegut | In this week’s AppSec digest, NSA agents spy on World of Warcraft Orcs, Facebook acts like a Nosy Nancy, Gmail auto-downloads all your advertise – I mean images, and CryptoLocker copycats emerge. Get informed about the latest news in security and start your week out fresh.


Hacker’s Paradise – New Virus Transfers Stolen Data Using Inaudible Sounds

Dec 06, 2013 By Sharon Solomon | Air-Gap Jumping Communication. Networkless hacking. Sci-fi movie themes are now turning into reality. German researchers Michael Hanspach and Michael Goetz have created what can potentially become the driving force behind the next-gen malware. Security experts be warned – offline computing is not going to be safe for long. 


5 Ways To Protect Your Work Cyberspace

Nov 18, 2013 By Sharon Solomon | With hackers compromising virtually every software platform that exists, it’s time for all of us to step up our cyber security awareness. Security issues are crucial especially at work establishments, where sensitive information and data are susceptible to attack.
