Hellman & Friedman to Acquire Checkmarx at a $1.15B Valuation

Technical Blog

Take a peek into what the Checkmarx Application Security Research Team is up to by
keeping up with their blogs on the vulnerabilities, exploits, mitigation techniques
and secure coding best practices. 

Discussing AppSec Policies within DevSecOps

There’s no denying that today’s digital ecosystem must be protected. But preventing increasingly frequent and severe attacks, which often target customer data and confidential information, requires more out of your organization’s security policies. Add in the challenge of organizations being asked to develop, deliver, and deploy software faster than ever before, many are finding that

Read More ›

RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle

Another year, another RSA Conference USA in the books! From talking software security and DevOps with thousands of attendees, to launching new research and solutions, and hosting a SoulCycle fitness class for AppSec professionals, we had a blast at this year’s show and couldn’t be more grateful to all who helped make it such a

Read More ›

Free your Developers from Mundane Tasks

Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought. Although opening or closing a ticket in a defect management system (such as JIRA), or initiating a scan during the CI process to

Read More ›

Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed

There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer market, buyers often jump at the opportunity to purchase it and put it into action. Unfortunately, every new internet-connected gadget opens users up

Read More ›

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache Foundation. Figure 1 – Dubbo

Read More ›

Checkmarx Research: SoundCloud API Security Advisory

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection of music from the most diverse creator community on earth.” This investigation was part of a broader research conducted by Checkmarx, in

Read More ›

Checkmarx Research: A Race Condition in Kubernetes

Last year, the Checkmarx Security Research Team decided to investigate Kubernetes due to the growing usage of it worldwide. For those who are not too familiar with this technology, you can find more information at the official site here. Kubernetes is an open-source framework written in the Go language, originally designed and developed by Google

Read More ›

Correlating and Remediating Security Risks at Scale is Vital to DevOps

The recent industry shift towards DevOps makes it clear that organizations are adopting this development and operational model to facilitate the practice of automating software delivery and deployment. As a result, organizations are acknowledging that their traditional approaches to software security are having a difficult time adapting to this new model, since security if often

Read More ›

Software Architecture with Shortest Time-to-Market Consideration

Survival of the Fastest Today, everything is getting faster. With social media and our smartphones, we expect immediate responses to our messages. When searching for the answer to a question, the internet can deliver it in seconds. Even Amazon’s one- or two-day delivery is no longer fast enough, and we can now get what we

Read More ›

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.” It was proposed back in 2014 by Gavin Wood and developed by several people, most of them being core contributors to the Ethereum platform, to enable writing smart contracts on blockchain platforms such as Ethereum. Solidity was designed around the ECMAScript

Read More ›

Jump to Category