Technical Blog

Keep up with what the Checkmarx Application Security Research Team is working on by following their posts on vulnerabilities, exploits, mitigation techniques and secure coding best practices.

Common Security Mistakes when Developing Swift Applications – Part I

Overview: Data Storage and Communication Security

Swift was first introduced in 2014 at Apple's Worldwide Developers Conference (WWDC) as the de facto programming language for iOS, macOS, watchOS and tvOS. Designed by Chris Lattner and many others at Apple Inc., Swift is a general-purpose, multi-paradigm, compiled programming language. Although first released as a proprietary programming language, version

Meet NFCdrip – a New Security Concern for Air-Gapped Systems

Air-gapping means physically isolating a secure computer from unsecured networks, such as the public Internet or an unsecured local area network. The concept of air-gapping represents just about the maximum protection one network can have from another, other than actually turning off the device. Typically, military or governmental computer systems, financial computer systems, industrial control

What’s in Your Website? Lurking Risk From Third-party Resources

Address Risk from Third-party Resources with Subresource Integrity (SRI)

In most real-life web apps there is a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, third-party resources provide important functional or business value. When organizations are asked how they are addressing the potential security risks, the people responsible for

How Secure Are the Browser Extensions You Create?

Extensions have become a must-have in every user's browser. Since most users are not aware of how powerful browser extensions are, the responsibility for creating secure extensions belongs to you, the developer. Browser vendors also share some responsibility and are starting to understand how important the security of browser extensions is; for example, Google recently

Diving Deep into Regular Expression Denial of Service (ReDoS) in Go

Go (also known as Golang) is an open source programming language created at Google. It is compiled and statically typed like C, but adds garbage collection, limited structural typing, memory-safety features and CSP-style concurrency. In this blog post, we'll recap Go's security posture against Regular Expression Denial of Service (ReDoS) attacks.
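As an added example that is not part of the post itself, the Go program below runs the textbook catastrophic-backtracking pattern `^(a+)+$` against a worst-case input and shows that Go's regexp package, which is RE2-based and guaranteed to match in time linear in the input, finishes promptly where a backtracking engine would hang. It also shows that a backreference, which cannot be evaluated in linear time, is rejected by Go at compile time rather than supported slowly. The pattern, the input and the helper names are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// evilPattern is the classic ReDoS pattern: nested quantifiers over the same
// character. On a backtracking engine the work grows exponentially with the
// number of 'a's once the trailing '!' forces the overall match to fail.
const evilPattern = `^(a+)+$`

// matchTimed compiles pattern, runs it against input and reports whether it
// matched and how long the match took.
func matchTimed(pattern, input string) (matched bool, elapsed time.Duration) {
	re := regexp.MustCompile(pattern)
	start := time.Now()
	matched = re.MatchString(input)
	return matched, time.Since(start)
}

// compileOrReject is the gate a Go service should put in front of
// user-supplied patterns: regexp.Compile refuses syntax that would need
// backtracking (backreferences, lookaround), so whatever compiles can be
// evaluated in time linear in the input.
func compileOrReject(pattern string) (*regexp.Regexp, error) {
	return regexp.Compile(pattern)
}

func main() {
	// Constructed worst-case input: many 'a's followed by a character that can
	// never match, so a backtracking engine explores every split of the groups.
	input := strings.Repeat("a", 50000) + "!"
	matched, elapsed := matchTimed(evilPattern, input)
	fmt.Printf("pattern %s on %d bytes: matched=%v elapsed=%v\n",
		evilPattern, len(input), matched, elapsed)

	// A backreference is rejected outright instead of being supported.
	if _, err := compileOrReject(`^(a+)\1$`); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The linear-time guarantee is in the size of the input; compiling a pattern still costs time proportional to the pattern itself (Go refuses repeat counts above 1000), so untrusted patterns are still worth length-limiting and compiling once rather than per request.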

Decrypting JobCrypter

Ransomware has been a growing issue for some time now. It has evolved into a big business, moving millions of dollars yearly from victims’ pockets into those of attackers. The modus operandi of ransomware authors is to infect your machine through any vector (phishing, drive-by browser exploits, waterholing, etc.) and then proceed to encrypt your important files.

The Top 5 Exfiltration Attacks on WebViews

WebViews are a huge advantage when it comes to portability, but at what cost? Allowing web content to call native functions opens a window of attack possibilities. Android versions before API level 17 allowed remote code execution when an attacker could abuse a JavaScript interface. Although this vulnerability was fixed in

Android WebView: Secure Coding Practices

Nowadays, there is no doubt that mobile applications have changed the world in a big way. Just look at how interaction habits have changed: the way people socialize, as individuals or in groups, is different now that what was once far away is at our fingertips. This is part one of a four-part series. Click