Tag : website security

Checkmarx: Challenging The Application Security Field

Nov 05, 2013 By Sarah Vonnegut | This article originally appeared in Israeli publication The Marker. Read it in Hebrew here. 
By Jonathan Raveh
In a world where security breaches can cause enormous daily losses of up to millions of dollars, companies have started to develop a deeper understanding of what it takes to protect and secure the digital side of their operations as tightly as possible.

</Read More>

What’s HOT in Application Security Vol #30

Sep 30, 2012 By asaphs | Hackers breach major Canadian based control system technology supplier
Hackers have within the last few days managed to hack a major Calgary based technology company, Telvent Canada, known to be major suppliers of control systems for electrical grids, public water systems, public transport functions and most of Canada’s oil and pipelines. Insiders say the hacking was substantial enough to warrant the intervention of the Canadian spy service, the RCMP and the federal government’s special cyber response agency.

</Read More>

What’s HOT in Application Security Vol #20

Jul 16, 2012 By Administrator | Yahoo left red-faced after SQL injection vulnerability reveals nearly half a million passwords!
A hacking group who name themselves ‘DD3Ds Company’ have, within the last few days leaked 453,492 yahoo text passwords for Yahoo accounts. DD3Ds Company now claim that they attained the passwords by means of SQL injection against a poorly secured Yahoo subdomain. Security experts have named the it as Yahoo Voices.

</Read More>

What’s HOT in Application Security Vol #17

Jun 25, 2012 By Administrator | PayPal to Grant Money for Reported Vulnerabilities
Asking hackers to report security breaches they find without being rewarded doesn’t seem to work. There has to be some kind of an incentive. EBay, Amazon, Sony and now PayPal will provide security researchers who discover vulnerabilities in its website with money prizes. This encourages hackers to search for security breaches but at the same time, instead of using the vulnerabilities for illegal intentions they could make some money, disclose the vulnerabilities that they find on to their own personal blogs, and possibly make a name for themselves.

</Read More>

What’s HOT in Application Security Vol #16

Jun 18, 2012 By Administrator | WHMCS still vulnerable after latest string of attacks
WHMCS is a UK supplier of technical support and customer service is yet again the victim of a Ddos attack, due to its inability to mend an already known SQL Injection vulnerability. The embarrassment continued for the company in the days following where a hacker was auctioning the rights to abuse the weakness using an underground forum.

</Read More>

Coding Security Into Applications – Secure SDLC

Jun 04, 2012 By Administrator | We wanted to share with you an excellent article written by Richard Janezic from midsizeinsider.com that covers the alarming state of application security, and how many of the current security vulnerabilities can be prevented by dedicating more thought into developing a secure coding methodology utilizing technologies that are available in the marketplace and considerably reduce the complexity of the task at hand.

</Read More>

What’s HOT in Application Security Vol#13

May 21, 2012 By Administrator | The High Price of Web Application Security 
What is the true cost of web application security? One CISO might say ‘My entire security solution cost me $40,000’, another might quote a higher price but many companies will simply answer ‘What is the cost of no application security?’

</Read More>

What’s Hot in Application Security Vol #11

May 09, 2012 By Administrator | Is fear in the Cloud misplaced?
Who’s afraid of the big bad cloud? Everyone apparently! Corporations, Public Companies; the list is endless. Cloud Security is synonymous with problems. When we consider Cloud Security we think about application security and guarding sensitive data. Cloud Security has been one of the things on the front of the minds of IT directors for years as they ponder; how do we migrate data out of the corporate data centers to the cloud?

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.