Tag : sSDLC

Building Secure Applications: How Mature Are You?

Jul 29, 2014 By Sarah Vonnegut | Dave Ferguson is back with another guest blog! Make sure you check out his blog here, and read his original post, ‘Keeping Up With The Hackers: Where to Practice Your Web Hacking Skills,’ here. Testing your software for vulnerabilities is important.  There’s no doubt about it, but if there’s something I’ve learned over the years when it comes to application security, is that you can’t test yourself secure.  The reason is that development teams are writing new code all the time and if your main approach to securing the code is testing, it quickly becomes a never-ending cycle of testing –> fixing –> repeating. This is a lot like treating the symptoms of malady. What you really want is a cure for the malady.

</Read More>

eBay Data Breach: A Big Wake-Up Call for e-Commerce Giants

May 27, 2014 By Sharon Solomon | eBay, the world’s largest and most used eCommerce platform, has suffered a major security breach. More than 100 million users have been affected in what has become this year’s biggest cybercrime so far. It’s still not clear how the intruders gained access to the eBay databases, but this is definitely the right time to bolster application security.
Identity/data theft has become serious problem in recent years. The aforementioned eBay breach is still creating waves as millions of usernames, passwords, phone numbers and physical addresses have been stolen.
“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” eBay recently commented. “The company is aggressively investigating the matter.”

</Read More>

Learning from the Experts – How JavaScript and HTML5 Vulnerabilities Affect Application Security

May 20, 2014 By Sharon Solomon | Checkmarx recently sponsored an educational webinar to raise Application Security awareness amongst developers and IT professionals. JavaScript and HTML5 were given special attention in the online event hosted by SecureWorld. The aim was to shed some light on the vulnerabilities created by the integration of new features and functionality into the programming languages. Maty Siman from Checkmarx and LivePerson’s Yair Rovek shared their InfoSec Industry experiences backed by real-time demonstrations. Sam Masiello, Head of Application Security at Groupon, was the moderator. “Insecure code is all around us,” Masiello explained at the beginning of the webinar. “It doesn’t matter if you are running Windows, iOS, Android or Java. These loopholes, if left unpatched, leave your company data vulnerable.”

</Read More>

7 Tips For Choosing The Right Tool To Secure Your Application

May 14, 2014 By Sharon Solomon | With more and more leading applications and websites are being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hackings on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this security often falls on the narrow shoulders of the QA teams. Operating under tight deadlines, they already have their hands full and eventually fail to address the glaring security issues. Not all companies have the resources needed to enjoy the services of staff trained to tackle vulnerabilities. Even hiring skilled security professionals is not always “pocket-friendly”. But there is good news. Healthy coding practices and smart vulnerability tool selection can help boost your product’s “immunity” and minimize the need for post-production maintenance.

</Read More>

Checkmarx Heartbleed Vaccination Now Available

Apr 29, 2014 By Sharon Solomon | Checkmarx has now released an update that scans your application source code for the Heartbleed-vulnerable library code.  The Heartbleed vulnerability had affected almost half a million secure web servers, certified by trusted authorities, by the time it was exposed. The bad news is that the problem still exists. More than 2% of the Alexa world top 1,000,000 websites are still susceptible to attack.

</Read More>

No Kidding. 5-Year Old Hacks Dad’s Xbox

Apr 08, 2014 By Sharon Solomon | Hackers and fraudsters are reaching new levels of effectiveness in locating security glitches. Almost any device that can connect to the internet has been proven to be vulnerable. But this time it’s a 5-year old American kid who has exposed a glaring vulnerability in the popular Xbox Live online gaming platform.  

</Read More>

Internet of Fails: Serious Vulnerability Found in Philips Smart TVs

Apr 02, 2014 By Sharon Solomon | Just a couple of decades ago, the Internet of Things (IoT) idea was restricted to sci-fi movies and novels. But the internet revolution has changed everything. Millions of new home appliances are going online on a daily basis, enabling hackers to spread malware, create botnets and harvest sensitive information worldwide.  

</Read More>

ATMs Raided With Ploutus as Windows XP Zero Day Approaches

Mar 31, 2014 By Sharon Solomon | Windows XP will be officially discontinued on 8 April, but the legend platform is far from becoming extinct. 95% of the world’s ATMs are still powered by the 12-year old operating system, opening the door for Ploutus attacks. More and more hackers are using SMS messages to steal money. As informed in our previous Windows XP Update, there are worrying amounts of businesses and workplaces still using the expiring platform. Surprisingly, such outdated systems and networks are not exclusive to poor countries. The biggest problems are expected in the banking industry, with thousands of ATMs still using Windows XP. Upgrading the systems to newer software is going to be a long and costly process. Cybercriminals are already exploiting this issue.

</Read More>

Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon | The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high. Besides this inherited problem, the open-source nature of the market-leading OS is prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put the unsuspecting users in danger.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.