Tag: static code analysis

The Ultimate List of Open Source Static Code Analysis Security Tools

Nov 13, 2014 By Sarah Vonnegut | Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code. With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as quickly as possible in the software development lifecycle (SDLC). One of those tools is static code analysis. The true strength of static source code analysis (SCA) is in quickly and automatically checking everything “under the hood” without actually executing the code. Because it works to discover issues that can be hard to discover manually, it’s a perfect companion to the human eye. Even the most senior security people still miss security flaws. After all – we are still human, so the combination of machine and man makes for better coverage.

Internet of Fails: Serious Vulnerability Found in Philips Smart TVs

Apr 02, 2014 By Sharon Solomon | Just a couple of decades ago, the Internet of Things (IoT) idea was restricted to sci-fi movies and novels. But the internet revolution has changed everything. Millions of new home appliances are going online on a daily basis, enabling hackers to spread malware, create botnets and harvest sensitive information worldwide.  

Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon | The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high. Besides this inherited problem, the open-source nature of the market-leading OS is prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put the unsuspecting users in danger.

Bitcoin Crashing Due To Steep Rise in Cybercrime

Mar 19, 2014 By Sharon Solomon | The Bitcoin bandwagon has stalled. The value of the cryptocurrency skyrocketed in 2013, but a downward trend is being witnessed this year. Investors and traders wishing to see Bitcoins in the mainstream e-commerce scene will probably have to wait a little longer.
Besides the glaring lack of regulation and worrying price volatility, cybercriminal activity has put a huge dent in the digital currency’s credentials. The hacking techniques are not new, nor are the vulnerabilities found in the Bitcoin exchanges.
More and more Bitcoin exchanges are being exploited with the help of malware and common phishing techniques. Coinbase and Flexcoin are just two of many Bitcoin platforms that have fallen prey to hackers and fraudsters.

3 Key Benefits of Automating Your Source Code Review

Mar 18, 2014 By Sarah Vonnegut | Automation has taken the business world by storm. We automate everything, from marketing to manufacturing and everything in between, and it often pays off: greater ROIs, higher productivity, less overworked employees. In application security, the same can be true. As web applications have become the essence of business in almost every industry, the risks have increased. While we will always need code reviewers, pen testers and security teams for areas requiring human intelligence, for the business side or otherwise, automating your source code analysis is a step towards higher security. Let’s look at the top 3 reasons why you should be automating your code review process.

Cridex Banking Trojan Still Alive and Kicking

Mar 12, 2014 By Sharon Solomon | The Cridex Banking Trojan is wreaking havoc in Europe, especially in Germany. Hackers are implementing the traditional phishing methodology to trick victims into compromising their banking information. The Cridex malware has now officially overtaken the ZeuS Trojan and its clones thanks to the recent activity spike. Six different URL schemes are being used to cover up the spam campaigns. The malicious mails are masked with graphics and text from German commercial giants such as Telekom (almost half of the infected URLs), Volksbank, Vodafone and also NTTCable.

Checkmarx Recognizes Young Israeli Talent At The Technion

Dec 20, 2013 By Sharon Solomon | The Technion has been Israel’s leading engineering institute for decades, providing the nation’s booming IT industry with great talent. This week the university’s Department of Computer Science hosted a unique “Start-Up Day”, sponsored by Checkmarx and six other software companies.  The Checkmarx delegation was led by the company’s CTO, Mati Siman. Besides engaging in chats with curious students, he gave an informative lecture about the company’s products and the advantages of Source Code Analysis.

Checkmarx Reaching New Heights – Now Second Highest Ranked Security Company In 2013 Deloitte Fast 500

Dec 16, 2013 By Sharon Solomon | Checkmarx is breaking all barriers. The Israeli IT Security firm has stormed into the Deloitte top-500 fastest growing EMEA companies, taking 69th place overall in the 2013 rankings. Technology Top 500 is a unique ranking research project, conducted annually by Deloitte Touche Tohmatsu Limited (DTTL). Technology, telecommunications, software and internet companies are scanned and studied during the ranking process. Both private and public sector concerns are eligible for evaluation.

Stop the Neglect – Scan Your Source Code Before You Regret

Dec 11, 2013 By Sharon Solomon | Hacktivism, commercial malware and criminal exploitation have become the norm in today’s cyberspace. This worrying trend has magnified the need for a comprehensive testing solution that can be integrated into the SDLC. Enter Source Code Analysis (SCA).
