Technical Blog

Take a peek into what the Checkmarx Application Security Research Team is up to by
keeping up with their blogs on vulnerabilities, exploits, mitigation techniques
and secure coding best practices.

ReDoS in Go

The Go programming language (also known as Golang) is an open source programming language created by Google. Go is compiled and statically typed, as in C (with garbage collection), and has limited structural typing, memory safety features and CSP-style concurrent features. In this blog post, we will recap Go’s security posture facing Regular Expression Denial of


Decrypting JobCrypter

Ransomware has been a growing issue for some time now. It has evolved into a big business, moving millions of dollars yearly from victims’ pockets into those of attackers. The modus operandi of ransomware authors is to infect your machine through any vector (phishing, drive-by browser exploits, waterholing, etc.) and then proceed to encrypt your important files.


The Top 5 Exfiltration Attacks on WebViews

This is part three of a three-part series. Click for part 1 and part 2. WebViews are a huge advantage when it comes to portability. But at what cost? By allowing Web content to interact with native functions, a window of attack possibilities is opened. Old versions of Android (until API 17) allowed Remote Code


JavaScript Attacks in WebViews

This is part two of a three-part series. Click for part 1 and part 3. JavaScript is widely used due to its outstanding functionality. Its presence in a website can solve many problems; however, it can also introduce critical security issues. It is this very compromise that has to be carefully analyzed in the decision of allowing or

