Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

Technical Blog

Take a peek into what the Checkmarx Application Security Research Team is up to by
keeping up with their blogs on the vulnerabilities, exploits, mitigation techniques
and secure coding best practices. 

NFC False Tag Vulnerability – CVE-2019-9295

Introduction Security Aspects of Android Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux isolates applications from each other and from the system. Additional finer- grained security features are provided through

Read More ›

LeapFrog LeapPad Ultimate Security Vulnerabilities

Protecting our children from the dangers on the internet is something all parents strive for and struggle with. When you find a toy that you think is safe, and will educate and entertain your child, you buy it. Right? That’s why parents bought and continue to buy LeapFrog’s LeapPad Ultimate. The Checkmarx Security Research Team

Read More ›

The Open Source Cookbook: A Baker’s Guide to Modern Application Development

It is often said that open source software is like a recipe. In this context, let’s discuss your grandmother’s favorite cookies. It’s quite possible your grandmother is known throughout the family as having the most famous chocolate chip cookies. Maybe she’s better known for her Pecan Sandies, or her Rich Tea Biscuits. Whichever is her

Read More ›

Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

These days IoT devices are an easy entry point for malicious users to invade users’ privacy. With that in mind, we tested the AEG Smart Scale PW 5653 BT, specifically the Bluetooth security (Bluetooth Low Energy or BLE). We also tested the mobile applications Smart Scale for Android and Smart Scale for iOS. To complete our tests,

Read More ›

Android WebView: Are Secure Coding Practices Being Followed?

Android WebView: Are Secure Coding Practices Being Followed?

WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how security best practices in WebViews are being implemented in the wild. Are the apps with WebViews, currently available on

Read More ›

NFCdrip: Data Exfiltration Research in Near Field Communication

NFCdrip: Data Exfiltration Research in Near Field Communication

Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and

Read More ›

Get Freebies by Abusing the Android InApp Billing API

Get Freebies by Abusing the Android InApp Billing API

Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and verify the best way to build security into the application. The Android InApp Billing API is a powerful part of the Android framework that allows

Read More ›

Smart Bulb Offers Light, Color, Music, and... Data Exfiltration?

Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?

Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and off times, and control them remotely. Some even play music and could improve your sleep. Any device that can wireless connect with phone

Read More ›

Jump to Category