Checkmarx Blog

15 AppSec Tips From the Top Ethical Hackers of 2014

2014 will go down as the year of the mega-attacks. It all started off during last year's holiday season with the Target hackings that affected over 100 million customers. Soon the Heartbleed and Shellshock vulnerabilities were exposed, causing havoc all across the planet. The hackings kept on coming in the latter stages of the year

Recent PayPal Bug Highlights CSRF Vulnerability Risks

PayPal has revolutionized the e-commerce market in recent years with its convenient characteristics that bolster user privacy. Gone are the days when online shopping required cumbersome bank transfers or complex credit card verifications. Unfortunately, there is still work to be done on the security front after Egyptian researcher Yasser Ali shocked the world with his PayPal bug

What was the worst InfoSec Fail of 2014?

It’s December, and thus the perfect time to reflect on the events of the past twelve months. In InfoSec, there’s a lot to contemplate, having been one of the worst years in terms of data breaches and security breakdowns. According to the 2015 PwC State of InfoSec Survey, there were an estimated 28.9 million breaches

7 Essential Resource Centers to Boost Your InfoSec IQ

Many applications today possess critical vulnerabilities – SQL injections (SQLi), Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) being just a few of them. The first step in combating these security issues is getting to know how they work and learning about them from real life scenarios. Unfortunately, not all developers today are familiar with the

SQL Injection Tutorial: Tackling SQLi with Source Code Analysis

The impact of the Drupal fiasco is still being felt across all industry sectors. The world’s third biggest CMS platform was compromised with arguably the oldest hacking technique in existence – the SQL injection (SQLi). While the Drupal 7.32 update has resolved this specific problem, SQL injections won’t really go away until they are treated from the

The Ultimate List of Open Source Static Code Analysis Security Tools

Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code. With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as

Samsung’s ‘Find My Mobile’ CSRF Flaw: A Wake Up Call for Mobile Developers

Samsung is currently topping sales charts worldwide with a wide range of Android powered phones catering to virtually all market segments. This mass distribution of mobile devices has magnified the importance of creating secure mobile applications. Unfortunately, a CSRF loophole has been found in one of the South Korean phone manufacturer’s proprietary applications.

7 Lessons We Should Take Away from the Drupal SQL Injection Flaw

What’s the Deal with Drupal? Another month, another apocalypse-summoning security catastrophe – and October was no different. Just over two weeks ago, the security team behind Drupal’s free and open-source CMS released an ominous security advisory that shocked many in the security industry. The advisory, SA-CORE-2014-005, informed users that an SQL injection flaw in all

Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Hackers are often viewed as modern-day pirates. While that is mostly true given the security hazards they create, ethical hackers are actually very helpful in improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker. Baloch, also known as

21 AppSec & Security Gurus You Should Be Following On Twitter

Are you an AppSec Tweeter? Whether you’re a newbie or an old-timer in the world of application security, Twitter is a great place to listen in and connect with some of the best and brightest in the industry. To help, we’ve compiled a list of some of our favorite tweeters to add to your own
