Survival of the Fastest Today, everything is getting faster. With social media and our smartphones, we expect immediate responses to our messages. When searching for the answer to a question, the internet can deliver it in seconds. Even Amazon’s one- or two-day delivery is no longer fast enough, and we can now get what we
This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.” It was proposed back in 2014 by Gavin Wood and developed by several people, most of them being core contributors to the
Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers, and application security teams become increasingly aware of the risks associated with APIs. This past December,
Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices among vendors that manufacture consumer-based technologies, while bringing more security awareness amid the consumers who purchase and use them.
Twas the night of the Go-Live, and all through the team, We were nervous as ever, at least it would seem. We thought we had done, everything that was right, We were hoping it’s quick, then we’d call it a night. We had the right tools, at least we thought so, We fired up
2019 proved to be a hectic year in the cybersecurity landscape. With 3,813 data breaches occurring in the first six months alone, (exposing over 4.1 billion records,) and 12174 new vulnerabilities discovered in commercial and open source software, this year has certainly been one for the memory books. With all signs pointing to 2020 being
In sporting events, movies, and TV entertainment, we often have STAR athletes and STAR actors/actresses. When going to school, most students strive for an A* (STAR) grade on their assignments, tests, and assessments. In this same context, is there a way for organizations to achieve something similar concerning their software security programs? At Checkmarx, we
Injection vulnerabilities are one of the oldest exploitable software defects, which unfortunately are still prevalent today. Doing a simple search on cve.mitre.org com for the term injection returns with over 10,852 injection-related vulnerabilities in commercial and open source software since the year 2000, and the number of injection vulnerabilities continues to grow daily. The earliest
Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) designed to explain the entire upgrade process, taking into account all the things that might (and probably will…let’s face it) go wrong. Plan
This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing a massive role in this, as users are able to quickly take out their phones and capture any moment in real-time with the simple
Sign up today & never miss an update from the Checkmarx blog
