Erez Yalon – WindowsTechs.com

Privilege Escalation on Meetup.com Enabled Redirection of Payments

Posted on August 3, 2020 by Erez Yalon

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people with similar interests gather. Ev… Continue reading Privilege Escalation on Meetup.com Enabled Redirection of Payments→

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

Posted on July 8, 2020 by Erez Yalon

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning security vulnerab… Continue reading Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach→

It’s Time to Update Your Drupal Now!

Posted on June 18, 2020 by Erez Yalon

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its recently launched SCA solution, the Check… Continue reading It’s Time to Update Your Drupal Now!→

Solidity Top 10 Common Issues

Posted on May 13, 2020 by Erez Yalon

In 2018, we performed our initial research about the current state of security in the context of Smart Contracts, focusing on those written in Solidity “a contract-oriented, high-level language for implementing smart contracts“. At that tim… Continue reading Solidity Top 10 Common Issues→

Breaking Down the OWASP API Security Top 10 (Part 2)

Posted on January 6, 2020 by Erez Yalon

Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers, and application… Continue reading Breaking Down the OWASP API Security Top 10 (Part 2)→

How Attackers Could Hijack Your Android Camera to Spy on You

Posted on November 19, 2019 by Erez Yalon

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. Introduction In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing … Continue reading How Attackers Could Hijack Your Android Camera to Spy on You→

Breaking Down the OWASP API Security Top 10 (Part 1)

Posted on November 6, 2019 by Erez Yalon

As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help organizations, developers, and application security teams become mo… Continue reading Breaking Down the OWASP API Security Top 10 (Part 1)→

ReDoS in Go

Posted on May 7, 2018 by Erez Yalon

Go Programming Language (also known as Golang) is an open source programming language created by Google. Go is compiled, is statically typed as in C (with garbage collection), with limited structural typing, memory safety features and CSP-style concurr… Continue reading ReDoS in Go→

The Top 5 Exfiltration Attacks on WebViews

Posted on January 22, 2018 by Erez Yalon

This is part three of a three-part series. Click for part 1 and part 2. WebViews are a huge advantage when […]
The post The Top 5 Exfiltration Attacks on WebViews appeared first on Checkmarx.
The post The Top 5 Exfiltration… Continue reading The Top 5 Exfiltration Attacks on WebViews→

JavaScript Attacks in WebViews

Posted on December 7, 2017 by Erez Yalon

JavaScript is widely used due to its outstanding functionality. Its presence in a website can solve many problems, however it […]
The post JavaScript Attacks in WebViews appeared first on Checkmarx.
The post JavaScript Attacks in WebViews appeare… Continue reading JavaScript Attacks in WebViews→