Tag : SQL Injection

eBay-Small

eBay Data Breach: A Big Wake-Up Call for e-Commerce Giants

May 27, 2014 By Sharon Solomon | eBay, the world’s largest and most used eCommerce platform, has suffered a major security breach. More than 100 million users have been affected in what has become this year’s biggest cybercrime so far. It’s still not clear how the intruders gained access to the eBay databases, but this is definitely the right time to bolster application security.
Identity/data theft has become serious problem in recent years. The aforementioned eBay breach is still creating waves as millions of usernames, passwords, phone numbers and physical addresses have been stolen.
“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” eBay recently commented. “The company is aggressively investigating the matter.”

</Read More>
iStock_000033496462Small

7 Tips For Choosing The Right Tool To Secure Your Application

May 14, 2014 By Sharon Solomon | With more and more leading applications and websites are being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hackings on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this security often falls on the narrow shoulders of the QA teams. Operating under tight deadlines, they already have their hands full and eventually fail to address the glaring security issues. Not all companies have the resources needed to enjoy the services of staff trained to tackle vulnerabilities. Even hiring skilled security professionals is not always “pocket-friendly”. But there is good news. Healthy coding practices and smart vulnerability tool selection can help boost your product’s “immunity” and minimize the need for post-production maintenance.

</Read More>
iStock_000024004901Small-300x300

Web App Attacks: 7 Takeaways from the New Verizon DBIR

Apr 23, 2014 By Sarah Vonnegut | Hackers going after Web applications are getting smarter and faster by automating their malicious tools, and organizations are struggling to keep up. This was among the biggest revelations in Verizons’ 2014 Data Breach Investigations Report. The report analyzed over 63,000 security incidents over the past year, 1,367 of which resulted in a breach. It may come as a surprise to some that PoS intrusion attacks, the cause of the massive Target breach, and similar, subsequent incidents, was not the leading attack vector of the reports’ nine incident patterns. Alas, the award for the most exploited vulnerabilities went to Web applications, which hackers relentlessly went after this year – to the tune of 3,937 incidents and 490 confirmed breaches.

</Read More>
iStock_000019354781XSmall

Kickstarter Website Compromised; InfoSec Executives On Alert

Feb 19, 2014 By Sharon Solomon | The hacks just keep on coming. Kickstarter, arguably the world’s largest crowdfunded website, has joined the list of high-profile casualties. The site suffered a serious data breach that has probably led to the leakage of personal information and data, including encrypted passwords that can easily be cracked. Kickstarter had no idea that their database was compromised until they were alerted by law enforcement officials. The website technical team then patched up the security glitch and asked all users to replace their old passwords with secure ones. It was announced that no credit card data was compromised, but there is no guarantee that the hackers won’t be able to harvest even this data. While still not announced officially, SQL Injections were probably implemented in the intrusion.

</Read More>
iStock_000031987780Small

US-CERT Releases InfoSec Guidelines For 2014 Winter Olympics

Feb 05, 2014 By Sharon Solomon | The 2014 Winter Olympic Games begin on February 6 in Sochi, Russia. While always a spectacular and festive event, the technological aspect brings in numerous Information Security issues. The United States Computer Emergency Readiness Team (Department of Homeland Security) has released a formal advisory ahead of the Sochi Games.

</Read More>
groupon.co_.il-hacked-300x168

What’s HOT in Application Security Vol #37

Nov 20, 2012 By asaphs | Hacktivists reach a new level of cyber terror in Israel
Since the outbreak of hostilities between Gaza and Israel, several Israeli companies as well as those doing business with them have absorbed quite a few cyber attacks. According to various sources, 44 million attacks have been prevented since rockets began falling.

</Read More>
CONTACT_US_BRIDAL

What’s HOT in Application Security Vol #28

Sep 12, 2012 By asaphs | Web hosting company GoDaddy hacked
GoDaddy, the web hosting service provider was hacked on Monday by a supporter of Anonymous, a self-proclaimed group of rogue hackers. The attack also affected many of GoDaddy’s customers. The attack caused GoDaddy and many of the company’s 10.5 million customer’s web sites to go down for several hours on Monday afternoon. The person behind the attack claimed that the GoDadddy and its affiliated sites collapsed under a flood of traffic caused by a DDoS attack.

</Read More>

What’s HOT in Application Security Vol #27

Sep 04, 2012 By asaphs | Could a lack of web application security be affecting your businesses share price?
It has been noted that in larger corporations the linkage of the brand to a string of negative security issues can seriously affect the share price for the worse.

</Read More>
microsoft-logo

What’s HOT in Application Security Vol#26

Aug 27, 2012 By asaphs | Microsoft vulnerable to VPN attack
Microsoft’s MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2) which is used to authenticate users in PPTP-based (Point-to-Point Tunneling Protocol) VPNs has been shown to be vulnerable to hacks according to reports from the recent Defcon conference.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.