Checkmarx Acquires Custodela to Bring Enhanced Automation to DevSecOps Programs!

Technical Blog

Take a peek into what the Checkmarx Application Security Research Team is up to by
keeping up with their blogs on the vulnerabilities, exploits, mitigation techniques
and secure coding best practices. 

NFCdrip: Data Exfiltration Research in Near Field Communication

NFCdrip: Data Exfiltration Research in Near Field Communication

Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and

Read More ›

Get Freebies by Abusing the Android InApp Billing API

Get Freebies by Abusing the Android InApp Billing API

Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and verify the best way to build security into the application. The Android InApp Billing API is a powerful part of the Android framework that allows

Read More ›

Smart Bulb Offers Light, Color, Music, and... Data Exfiltration?

Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?

Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and off times, and control them remotely. Some even play music and could improve your sleep. Any device that can wireless connect with phone

Read More ›

Navigation Apps: Leading the Way? Or Following You?

Navigation Apps: Leading the Way? Or Following You?

In the United States alone, 84% of adults are using navigation applications, according to a recent Gallup poll. Whether they’re downloading it in an app store or the navigation capability is already built into the car, these navigation tools are taking us to the grocery store, to our grandparents’ house, to job interviews, and everywhere

Read More ›

(More) Common Security Mistakes when Developing Swift Apps - Part II

(More) Common Security Mistakes when Developing Swift Apps – Part II

In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read it, please take a few minutes to review this information. It’s critical to understand these mistakes as well as the ones I’m sharing

Read More ›

Common Security Mistakes when Developing Swift Applications – Part I

Common Security Mistakes when Developing Swift Applications – Part I

Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many others at Apple Inc., Swift is a general-purpose, multi-paradigm, compiled programming language. Although first released as a proprietary programming language, version

Read More ›

Meet NFCdrip – a New Security Concern for Air-Gapped Systems

Meet NFCdrip – a New Security Concern for Air-Gapped Systems

Air-gapping means physically isolating a secure computer from unsecured networks, such as the public Internet or an unsecured local area network. The concept of air-gapping represents just about the maximum protection one network can have from another, other than actually turning off the device. Typically, military or governmental computer systems, financial computer systems, industrial control

Read More ›

What’s in Your Website? Lurking Risk From Third-party Resources

What’s in Your Website? Lurking Risk from Third-party Resources

Address Risk from Third-party Resources with Subresource Integrity (SRI) In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, third-party resources provide important functional or business value. When organizations are asked how they’re addressing the potential security risks, the people responsible for

Read More ›

How Secure Are the Browser Extensions You Create?

How Secure Are the Browser Extensions You Create?

Extensions have become a must-have on every user’s browser. Since most users are not aware of the power of browser extensions, the responsibility for creating secure browser extensions belongs to you, the developer. Browser vendors also share some responsibility, and are starting to understand how important the security of browser extensions are—for example, Google recently

Read More ›

Diving Deep into Regular Expression Denial of Service (ReDoS) in Go

Diving Deep into Regular Expression Denial of Service (ReDoS) in Go

Go Programming Language (also known as Golang) is an open source programming language created by Google. Go is compiled, is statically typed as in C (with garbage collection), with limited structural typing, memory safety features and CSP-style concurrent features. In this blog post, we’ll recap Go’s security posture facing Regular Expression Denial of Service (ReDoS) attacks.

Read More ›

Jump to Category