Introducing Checkmarx Software Composition Analysis (CxSCA)
Jenkins is a simple application designed to monitor a series of job executions in a software environment. It works much like CruiseControl and offers a simple, easy-to-use continuous integration system. Developers can then execute test cycles more easily, and the latest build can be delivered to users quickly and efficiently. One question that users of Jenkins have often raised is how to implement static code analysis in a Jenkins environment.
What are keyloggers?
A keylogger is a small, simple application that is typically designed to run "invisibly" on a computer so as to avoid detection by the actual computer user. A keylogger does exactly what its name implies: it logs every keystroke entered by the user. More sophisticated keyloggers can also capture screenshots and mouse clicks. Keyloggers are typically used by malicious attackers to obtain passwords, financial information or other sensitive data that they can use for their own gain.
LDAP Injection is a vulnerability that affects web applications. It is exploited by sending requests whose input the vulnerable web application does not properly validate or sanitize before using it in an LDAP query. An attacker can then modify LDAP statements, for example by altering requests through a proxy. This grants the attacker the permissions needed to execute commands on the database server, web server and web application server, and can allow the attacker to access, modify or delete data contained within the LDAP tree.
Linux is an open-source operating system (OS) that shares many similarities with UNIX. It is the most popular OS on mainframes, servers and supercomputers, thanks to its multi-user functionality and multitasking capabilities. Linux, while not as common as Windows, can be found on many personal computers and mobile devices today. Android, the world's most popular mobile operating system, is Linux-based. Originally, Linux was not able to run many applications designed specifically for Windows environments, but in recent years developers have worked to ensure that most Windows applications and games can also run in Linux environments.
Malware is any type of malicious software that can be used to threaten a network or computer. It is typically used to steal information and data for personal or financial gain. Malware can infect personal computers, company computers, company networks, mobile devices and other electronic devices. Its detrimental effects can include data breaches, account compromise, server hijacking, disruption of normal activities and communication, and much more.
A Man-in-the-Middle (MiM) attack is a distinctive type of session hijacking that many companies face in the flow of communication between client and server. It occurs when a malicious attacker tricks the client into believing the attacker is the server, while also tricking the server into believing the attacker is the client. In this way the attacker can read and manipulate information that was intended to pass only between the client and the server.
Mobile application security for Android and iOS doesn't always receive the attention it deserves. As smartphones have become more affordable and internet access has improved, software development teams are increasing mobile application development. Mobile internet traffic today accounts for 61% of total web traffic in Asia and 57% of total web traffic in Africa. According to Statista, 48% of total web traffic globally is mobile internet traffic.
The Open Web Application Security Project (OWASP) is an open-source application security community whose goal is to raise awareness of application security. It is best known for publishing the industry-standard OWASP Top 10.
The OWASP community is powered by security-knowledgeable volunteers from corporations and educational organizations, as well as individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure.