Tag : Vulnerability

blog-a-simple-coding-error-put-millions-of-smartphone-users-at-risk-what-you-need-to-know

A Simple Coding Error Put Millions of Smartphone Users at Risk: What You Need to Know

Nov 15, 2017 By Arden Rubens | As many as 180 million smartphone users are at risk of having texts and calls hijacked by hackers – all due to a simple coding error in at least 685 different mobile apps. A warning was released by the cybersecurity firm Appthority late last week. According to Appthority, the vulnerability (known as Eavesdropper) could let hackers inside an app to access confidential knowledge, without the user knowing.  

</Read More>
blog-is-your-childrens-data-safe-from-the-mitm

Is Your Child’s Data Safe From The Man In The Middle?

Oct 24, 2017 By Dafna Zahger | With a whopping 2.2 billion gamers and $46.1B in revenue for mobile games (42% of the market), chances are you and\or your loved ones play mobile games. Children are no exception, according to a Nielsen research piece from earlier this year, most children get their own mobile phone between ages 10 – 12. It seems that we have grown accustomed to the dangers of mobile hacks and breaches, but when it comes to children’s safety, do we raise the flag often enough? Many of the mobile games that are most popular among children and teens are highly vulnerable, almost inviting hackers into our, and our children’s lives.  

</Read More>
keys to avoiding data security breaches

Keys to Avoiding Data Security Breaches

Nov 17, 2016 By Arden Rubens | Data security breaches and exploits continuously make headlines as online organizations and applications are under constant attack by cyber criminals. The number of data breaches are increasing drastically year to year putting millions of people at risk of identity theft and fraud. A consequential data breach has the power to wreck company assets while taking down whole organizations by releasing sensitive data and embarrassing emails, so it only makes sense for an organization to take all necessary steps to protect its data. Data breaches can occur from a variety of different scenarios ranging from large scale cyber attacks and hacking techniques to malicious activity within a system as the result of a portable device, system outage or error, and poor or non-existent security policies. That being said, the most common cause of data security breaches is weak or stolen passwords. In fact, according to Verizon’s “2015 Data Breach Investigations Report”, a whopping 76% of network intrusions occurred as a result of weak credentials. Hackers crack passwords with the help of specific tools and techniques or by using malware or phishing attacks. Once the right password is in the wrong hands, it is game over for the company and the user alike.  Here are some keys to help you avoid data breaches.

</Read More>
White Box vs Black Box

White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms?

Mar 28, 2016 By Amit Ashbel | When I feel ill, I take a trip to my doctor.  At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor).
The Black Box approach
The doctor’s initial prognosis for a regularly healthy person is usually based on visible symptoms and information reported by the patient. A runny nose could indicate a simple cold. However, it can also indicate the flu, allergies, sinusitis, deviated septum and sometimes, it could even indicate pregnancy. If symptoms don’t persist or increase in severity, the doctor will maintain their prognosis and assign a standard treatment.

</Read More>
Code Analysis Tools

Static Code Analysis Tools – The AppSec Checklist

Mar 03, 2016 By Sharon Solomon | You have finally decided to fight cybercrime and protect your application. Great. But picking correctly from the wide range of static code analysis tools available on today’s market has become a challenging task. Besides being ineffective in locating application layer vulnerabilities, picking the wrong solution can lead to developer disengagement, which is the worst thing that can happen to your organization. Hence, a successful application security program involves picking the right solution for your technical needs, along with features needed for full engagement.

</Read More>
Online Banking Security

All You Wanted To Know About Online Banking Security

Jan 17, 2016 By Sharon Solomon | Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what role do application developers play in providing online banking security? Let’s take a closer look.

</Read More>
Whatyouneed2know

What You Need to Know – Instagram Hacked

Dec 20, 2015 By Amit Ashbel | What was stolen?   An independent security researcher was able to hack Instagram servers and gain access to basically all of Instagram’s secret material.  Wesley Weinberg, was able to put his hands on everything from Instagram’s source code through credentials to email servers, SSL certificates and personal data of employees and users. As part of Facebook’s bounty program, Weinberg started analyzing the Instagram systems to quickly realize he had stumbled on something big.

</Read More>
Image

Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Oct 21, 2014 By Sharon Solomon | Hackers are often viewed as modern-day pirates. While mostly true due to the security hazards they create, ethical hackers actually are very helpful in actually improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker.   Baloch, also known as Pakistan’s “Top Ethical Hacking Prodigy”, has been in the headlines recently for exposing two vulnerabilities in Android’s stock (AOSP) browser. These security loopholes allow hackers to steal the mobile user’s session cookie, enabling them to perform a wide variety of malicious actions including identity theft.   The Pakistani AppSec expert, currently an undergraduate student who spends his free time honing his research skills, was also kind enough to take Checkmarx’s questions and provide an in-depth view into how he revealed the aforementioned vulnerabilities in the world’s most popular mobile OS.  

</Read More>
iStock_000031576982Small-300x219

This Week in AppSec: December 23–29, 2013

Dec 29, 2013 By Sarah Vonnegut | Christmas week did not exactly bring out the best in some this year – especially when it came to breaches and vulnerabilities. Between Target’s mess of 40M customer records breached, Snapchat’s security fail, Samsung’s vulnerability and Dogecoin’s first hack on Christmas Day, the last full week of 2013 was not Application Security’s best. Let’s take a look, shall we?

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.