We have just published a new article on our website that discusses the process of achieving a successful SAST (Static Application Security Testing) tool implementation. It covers the various questions and concerns Checkmarx customers face when running evaluations of the available tools in the SAST category.
LDAP Injection (CWE: 90) is an attack allowing the attacker to modify LDAP queries. Recently, I encountered a nice LDAP Injection – and I started asking myself why we hear so little about such vulnerabilities. I would expect the opposite.
This is really funny! I attended a presentation the other day. The presenter said that in order to avoid SQL Injection for string parameters, it is possible to double quotes.
Directory Traversal Attacks
Directory Traversal (CWE: 22) is usually considered a subset of Path Manipulation (CWE: 73). Directory Traversal attacks, also referred to as Path Traversal, occur by manipulating variables with ‘../’ sequences (dot-dot-slash is another name this attack sometimes goes by) in an attempt to access directories and files stored in a system. Path Directory