Tag : Vulnerability


Application Security News – December 9 – 15, 2013

Dec 15, 2013 By Sarah Vonnegut | In this week’s AppSec digest, NSA agents spy on World of Warcraft Orcs, Facebook acts like a Nosy Nancy, Gmail auto-downloads all your advertise – I mean images, and CryptoLocker copycats emerge. Get informed about the latest news in security and start your week out fresh.

</Read More>

Checkmarx: Challenging The Application Security Field

Nov 05, 2013 By Sarah Vonnegut | This article originally appeared in Israeli publication The Marker. Read it in Hebrew here. 
By Jonathan Raveh
In a world where security breaches can cause enormous daily losses of up to millions of dollars, companies have started to develop a deeper understanding of what it takes to protect and secure the digital side of their operations as tightly as possible.

</Read More>

What’s HOT in Application Security Vol #40

Jan 14, 2013 By asaphs | Shape Security: Getting Down to the Root of Hacking
When treating an illness, it is generally more effective to treat the source of the problem rather than the symptoms. Shape Security is trying to do the same in the field of website security. While all other products are geared towards a faster, cheaper, and better way of preventing and stopping attackers, Sumit Agarwal, co-founder and vice president of Shape claims that they are “striking at the core mechanics of how those things work and making them harder to do in the future” by focusing on cutting edge attackers and crimeware ecosystem. Basically, it won’t be “offensive security” but defensive security, making it harder and more costly to do any damage.

</Read More>

What’s HOT in Application Security Vol #38

Dec 03, 2012 By asaphs | Hacking Group ‘Anonymous’ attacks Syrian Government websites In Response To Syrian Internal Internet Blackout
In response to a Syrian government move which has closed all fax, phone and Internet lines coming out of the troubled country, the hacking group ‘Anonymous’ started last Friday to attack and shut down government and affiliated pro-Syrian websites.

</Read More>

What’s HOT in Application Security Vol #20

Jul 16, 2012 By Administrator | Yahoo left red-faced after SQL injection vulnerability reveals nearly half a million passwords!
A hacking group who name themselves ‘DD3Ds Company’ have, within the last few days leaked 453,492 yahoo text passwords for Yahoo accounts. DD3Ds Company now claim that they attained the passwords by means of SQL injection against a poorly secured Yahoo subdomain. Security experts have named the it as Yahoo Voices.

</Read More>

What’s HOT in Application Security Vol #17

Jun 25, 2012 By Administrator | PayPal to Grant Money for Reported Vulnerabilities
Asking hackers to report security breaches they find without being rewarded doesn’t seem to work. There has to be some kind of an incentive. EBay, Amazon, Sony and now PayPal will provide security researchers who discover vulnerabilities in its website with money prizes. This encourages hackers to search for security breaches but at the same time, instead of using the vulnerabilities for illegal intentions they could make some money, disclose the vulnerabilities that they find on to their own personal blogs, and possibly make a name for themselves.

</Read More>

What’s HOT in Application Security Vol #16

Jun 18, 2012 By Administrator | WHMCS still vulnerable after latest string of attacks
WHMCS is a UK supplier of technical support and customer service is yet again the victim of a Ddos attack, due to its inability to mend an already known SQL Injection vulnerability. The embarrassment continued for the company in the days following where a hacker was auctioning the rights to abuse the weakness using an underground forum.

</Read More>

Coding Security Into Applications – Secure SDLC

Jun 04, 2012 By Administrator | We wanted to share with you an excellent article written by Richard Janezic from midsizeinsider.com that covers the alarming state of application security, and how many of the current security vulnerabilities can be prevented by dedicating more thought into developing a secure coding methodology utilizing technologies that are available in the marketplace and considerably reduce the complexity of the task at hand.

</Read More>

Flame Burns Right Through Windows Application Security

May 30, 2012 By Administrator | This week the cyber warfare stakes in the Middle East were raised a few notches when a Kaspersky Lab (Link) anti-virus expert discovered the Flame virus, which many have dubbed the most advanced and sophisticated cyber weapon ever unleashed. The Flame espionage worm, a previously unknown piece of malware was at the heart of a campaign to delete classified information from computers throughout the Middle East.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.