Checkmarx is a Leader in the 2021 Gartner Magic Quadrant for Application Security Testing

Technical Blog

Take a peek into what the Checkmarx Application Security Research Team is up to by
keeping up with their blogs on the vulnerabilities, exploits, mitigation techniques
and secure coding best practices. 

The 0xDABB of Doom: CVE-2021-25641

Introduction When I previously wrote the original Dubbo publication, we disclosed that issue as it was mitigated by the vendor. While the Dubbo “HTTP” protocol in that disclosure was trivially vulnerable to the most common Java deserialization attacks (as evidenced by the immediate cropping up of exploits for Dubbo as soon as a very broad

Read More ›

Exploitable Path – How To Solve a Static Analysis Nightmare

In my previous blog, I walked you through the reasoning and importance of the Exploitable Path feature in Checkmarx SCA solution. We discussed the challenges of prioritizing vulnerabilities in open source dependencies and defined what it means for a vulnerability to be exploitable: The vulnerable method in the library needs to be called directly or

Read More ›

Solving ISA’s 2021 Web Challenges

Being part of the Checkmarx SCA Research Team who supports our next-gen Software Composition Analysis (SCA) solution, my team members and I often participate in Capture the Flag (CTF) types of competitions to hone our skills and share our knowledge with the rest of the team. Not only are we expected to be skilled defenders,

Read More ›

Software Composition Analysis: Why Exploitable Path is Imperative

If you look at the way code is written today vs. a few years back, one of the major changes is the transition to open source. What was once considered an unsafe methodology has grown and matured, and nowadays almost every software project uses open source libraries. Today, software engineers prefer to use existing open

Read More ›

Jump to Category