Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people with similar interests gather. Ev… Continue reading Privilege Escalation on Meetup.com Enabled Redirection of Payments

On the Road to DevSecOps: Securing the Software Driving Mobility

The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and price. S… Continue reading On the Road to DevSecOps: Securing the Software Driving Mobility

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning security vulnerab… Continue reading Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program. The Q&A is as follows: Stephen: Since our… Continue reading The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

It’s Time to Update Your Drupal Now!

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its recently launched SCA solution, the Check… Continue reading It’s Time to Update Your Drupal Now!

Bringing Your Retail Application Security Strategy Up to Par

It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new experiences, increased level of conveniences, and exciting … Continue reading Bringing Your Retail Application Security Strategy Up to Par

AppSec, the developer way: Transforming security from a “dirty word” to a common practice

In a world where one data breach is all it takes to destroy a business, only the prepared and vigilant ones that embrace security in their operations can prevent disaster. Yet, if you ask most developers about security, they will crease up their faces … Continue reading AppSec, the developer way: Transforming security from a “dirty word” to a common practice

Solidity Top 10 Common Issues

In 2018, we performed our initial research about the current state of security in the context of Smart Contracts, focusing on those written in Solidity “a contract-oriented, high-level language for implementing smart contracts“. At that tim… Continue reading Solidity Top 10 Common Issues

Why “Shift Left” in DevOps is really “Shift Center”

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still t… Continue reading Why “Shift Left” in DevOps is really “Shift Center”

A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead

We are all living in unconventional and unprecedented times. The entire world is adjusting to the rapidly-changing dynamics brought on by Coronavirus (COVID-19). Here at Checkmarx, we are taking deliberate and preventative measures to protect our globa… Continue reading A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead