Collaborate Disseminate
Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers, and application… Continue reading Breaking Down the OWASP API Security Top 10 (Part 2)
Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices… Continue reading 2019 – Checkmarx Research Roundup
Injection vulnerabilities are one of the oldest exploitable software defects, which unfortunately are still prevalent today. Doing a simple search on cve.mitre.org com for the term injection returns with over 10,852 injection-related vulnerabilities in… Continue reading Injection Vulnerabilities – 20 Years and Counting
Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) designed to explain the entire upgrade process, taki… Continue reading Why I Hate Software Upgrades
This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. Introduction In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing … Continue reading How Attackers Could Hijack Your Android Camera to Spy on You
Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 as a list of common identifiers for publicly-known cybersecur… Continue reading Combating the Continuous Development of Vulnerable Software
As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help organizations, developers, and application security teams become mo… Continue reading Breaking Down the OWASP API Security Top 10 (Part 1)
If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on Struts 2 and stole hundreds of millions of PII records…. Continue reading The Hacker vs. Struts 2 Game – It Appears it has No Ending
Introduction Security Aspects of Android Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Li… Continue reading NFC False Tag Vulnerability – CVE-2019-9295
It’s no hidden secret that an increased level of training and education is both one of the biggest needs and shortcomings in the cybersecurity industry. Organizations are falling victim to cyberattacks more frequently than ever before and the ram… Continue reading Power to the Players: 3 Tips for Gamifying Your Cybersecurity Training