Collaborate Disseminate
According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative HTTP server, tracing, stats, and … Continue reading CVE-2020-35774: twitter-server XSS Vulnerability Discovered
As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November. Today, we’re releasing de… Continue reading Drupal Core: Behind the Vulnerability
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability
“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can be used to integrate personalization and p… Continue reading Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered
The automation and integration of Application Security Testing (AST) is essential for building out a true DevSecOps program. Automation is the easy part. Invoke a security scanners’ REST API or a command line interface inside a pipeline and you can get… Continue reading Integrating Checkmarx Security Results within GitLab
Overview The Go Programming Language (also known as Golang) is an open source programming language created by Google. Go is compiled and is statically typed as in C (with garbage collection). It has limited structural typing, memory safety features, an… Continue reading Race Conditions Can Exist in Go
When beginning to utilize any new programming language, a frequent obstacle developers face is the sheer lack of secure coding education and training about common pitfalls and coding errors during the language-learning process. The subject of security … Continue reading Welcome to Checkmarx Golang Week!
There’s no denying that today’s digital ecosystem must be protected. But preventing increasingly frequent and severe attacks, which often target customer data and confidential information, requires more out of your organization’s secu… Continue reading Discussing AppSec Policies within DevSecOps
Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought. Although ope… Continue reading Free your Developers from Mundane Tasks
Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection… Continue reading Checkmarx Research: SoundCloud API Security Advisory