Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

Checkmarx Blog

How Attackers Could Hijack Your Android Camera to Spy on You

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing a massive role in this, as users are able to quickly take out their phones and capture any moment in real-time with the simple

Read More ›

Combating the Continuous Development of Vulnerable Software

Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 as a list of common identifiers for publicly-known cybersecurity vulnerabilities found in commercial and open source software and / or firmware. What makes

Read More ›

Breaking Down the OWASP API Security Top 10 (Part 1)

As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help organizations, developers, and application security teams become more aware of the risks associated with APIs. This past September, the OWASP API Security Top

Read More ›

The Hacker vs. Struts 2 Game – It Appears it has No Ending

If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on Struts 2 and stole hundreds of millions of PII records. The vulnerability (CVE-2017-5638) made a lot of noise, but like almost any critical

Read More ›

NFC False Tag Vulnerability – CVE-2019-9295

Introduction Security Aspects of Android Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux isolates applications from each other and from the system. Additional finer- grained security features are provided through

Read More ›

Power to the Players: 3 Tips for Gamifying Your Cybersecurity Training

It’s no hidden secret that an increased level of training and education is both one of the biggest needs and shortcomings in the cybersecurity industry. Organizations are falling victim to cyberattacks more frequently than ever before and the ramifications are only getting worse. According to IBM Security’s and Ponemon Institute’s 2019 Cost of a Data

Read More ›

The Open Source Cookbook: Prepping Your Kitchen

Over the course of this adventure into the culinary world of software development, we have drawn comparisons between open source software and cookie recipes, and equated open source risks to spoiled ingredients. When cooking, it’s imperative that we prep our kitchen properly, stocking the tools and equipment, getting our timing and steps in order, soliciting

Read More ›

Kotlin Guide: Why We Need Mobile Application Secure Coding Practices

October is the annual National Cybersecurity Awareness Month (NCSAM), which is promoted by the U.S. Department of Homeland Security and the National Initiative for Cybersecurity Careers and Studies (NICCS). According to the NICCS, “Held every October, NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to

Read More ›

Becoming Optimus Prime Within Your AppSec Initiatives

When I was a child, I didn’t dream of becoming a legendary football player or a rock star. My dream was to become a Transformer: specifically Optimus Prime. I am sure some of you in the audience shared the same dream. As you can probably guess, unfortunately, this dream did not come true. But what

Read More ›

The Open Source Cookbook: Understanding Your Software Ingredients

As I introduced in my last article, where we explored the variance among open source components, distros, and forks, open source software and modern application development can be equated to baking. This analogy allows us to explore potentially complex topics through the more familiar lens of one’s unique take on popular recipes. This time, I’d

Read More ›

Jump to Category