Tag : SQL Injection

drupal-262x300

Analysis of Drupal Security Vulnerabilities

Aug 16, 2012 By Administrator | Drupal is a free and open-source content management system (CMS) and content management framework (CMF) written in PHP and distributed under the GNU General Public License. It is used as a back-end system for at least 2.1% of all websites worldwide ranging from personal blogs to corporate, political, and government sites including whitehouse.gov and data.gov.uk. It is also used for knowledge management and business collaboration.

</Read More>
budget-savings-m

What’s HOT in Application Security Vol#23

Aug 06, 2012 By asaphs | Top security expert notes hackers aiming for cross-platform vulnerabilities
An increasing amount of hackers are aiming to use cross-platform malware to attack both Microsoft and Apple application vulnerabilities. Hackers tend to favor third party applications that run on both Macs and Windows such as Adobe PDF, Adobe Flash, Java as well as others.

</Read More>
Anonymous-Mask

What’s HOT in Application Security Vol #22

Jul 31, 2012 By asaphs | Game publisher Ubisoft in hot water due to serious security threat
Ubisoft is a household name synonymous with fantastic, exciting games and also with a zero tolerance approach to game piracy. The company has been plagued with problems recently after the Uplay network has been absolutely overloaded with issues; outages, technical issues and now security!

</Read More>
darpa

What’s Hot in Application Security Vol #21

Jul 23, 2012 By asaphs | DARPA funded hacking device ready for release
The Defense Advanced Projects Research Agency (DARPA) has just finished funding a new device called The Power Pwn. The new device which is cunningly concealed as a regular power strip is anything but! The new device is actually a Hacking tool for launching remotely-activated WI-Fi, Bluetooth and Ethernet attacks.

</Read More>

What’s HOT in Application Security Vol #20

Jul 16, 2012 By Administrator | Yahoo left red-faced after SQL injection vulnerability reveals nearly half a million passwords!
A hacking group who name themselves ‘DD3Ds Company’ have, within the last few days leaked 453,492 yahoo text passwords for Yahoo accounts. DD3Ds Company now claim that they attained the passwords by means of SQL injection against a poorly secured Yahoo subdomain. Security experts have named the it as Yahoo Voices.

</Read More>

What’s HOT in Application Security Vol #19

Jul 09, 2012 By Administrator | Cyber Attacks on ATM and online banking are at an all time high
Cyber Attacks which are aimed at online banking applications are at an all time high, according to several security experts. Unsurprisingly, almost one third of all attacks were aimed at banks which reside in the Gulf, where the banks are swelling with oil money and where small amounts of money missing from accounts are likely to go un-noticed.

</Read More>
Application-Security-News-Thumbnail

What’s HOT in Application Security Vol #18

Jul 02, 2012 By Administrator | What are the Top Flaws in Web Applications?
When it comes to security, web applications are consistently the most vulnerable to penetration. Here are some of the top flaws in web applications:

</Read More>

What’s HOT in Application Security Vol #16

Jun 18, 2012 By Administrator | WHMCS still vulnerable after latest string of attacks
WHMCS is a UK supplier of technical support and customer service is yet again the victim of a Ddos attack, due to its inability to mend an already known SQL Injection vulnerability. The embarrassment continued for the company in the days following where a hacker was auctioning the rights to abuse the weakness using an underground forum.

</Read More>
239px-SDLC_-_Software_Development_Life_Cycle-resized-600

Coding Security Into Applications – Secure SDLC

Jun 04, 2012 By Administrator | We wanted to share with you an excellent article written by Richard Janezic from midsizeinsider.com that covers the alarming state of application security, and how many of the current security vulnerabilities can be prevented by dedicating more thought into developing a secure coding methodology utilizing technologies that are available in the marketplace and considerably reduce the complexity of the task at hand.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.