Introducing Checkmarx Software Composition Analysis (CxSCA)

Checkmarx Blog

Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

These days IoT devices are an easy entry point for malicious users to invade users’ privacy. With that in mind, we tested the AEG Smart Scale PW 5653 BT, specifically the Bluetooth security (Bluetooth Low Energy or BLE). We also tested the mobile applications Smart Scale for Android and Smart Scale for iOS. To complete our tests,

Read More ›

Your 2019 Essential Software Security, Development, & DevOps Conferences

Your 2019 Essential Software Security, Development, & DevOps Conferences

“DevOps” encompasses a wide range of topics – throw security in there and you’ve added even more. This roundup includes events throughout the year and around the globe, from small events to community conferences and up. Whether you’re passionate about software security, ethical hacking, software development, cloud security, or DevOps, there’s something on this list

Read More ›

Shifting to DevSecOps, with Software Security Testing Built In

Shifting to DevSecOps, with Software Security Testing Built In

Many organizations today are in the process of transitioning to a DevOps-centric approach, but don’t want to leave security behind. In order to build security in from the beginning of their software development process, it’s essential to enhance your security posture by integrating application security testing solutions into the software development life cycle at your

Read More ›

Software Security Predictions: What to Watch for in 2019

Software Security Predictions: What to Watch for in 2019

Security breaches regularly made headlines in 2018, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things raced forward. 2019 promises to be another busy year in technology and digital transformation, but what will that look like for software security? Here are our software security predictions

Read More ›

Android WebView: Are Secure Coding Practices Being Followed?

Android WebView: Are Secure Coding Practices Being Followed?

WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how security best practices in WebViews are being implemented in the wild. Are the apps with WebViews, currently available on

Read More ›

9 Key Players for a Winning Security Team

9 Key Players for a Winning Security Team

Basketball legend Michael Jordan once said, “Talent wins games, but teamwork and intelligence win championships.” When it comes to something as important as your company’s security, you can’t afford to rely on anything less than a championship security team. What does a championship security team mean for your organization? You may have hired the best

Read More ›

NFCdrip: Data Exfiltration Research in Near Field Communication

NFCdrip: Data Exfiltration Research in Near Field Communication

Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and

Read More ›

Get Freebies by Abusing the Android InApp Billing API

Get Freebies by Abusing the Android InApp Billing API

Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and verify the best way to build security into the application. The Android InApp Billing API is a powerful part of the Android framework that allows

Read More ›

Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack

Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack

Phishing is the most common type of cyber-attack that impacts organizations both large and small. These attacks may take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Unfortunately, some of the more common ways we might

Read More ›

AppSec Is Dead But Software Security is Alive & Well

AppSec Is Dead, but Software Security Is Alive & Well

Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million. However, defeating increasingly severe threats requires a holistic approach to security, one that places an emphasis on managing not only application vulnerabilities but all

Read More ›

Jump to Category