
Application Security Glossary

JavaScript Static Code Analysis

During the development life cycle, it is easy for security vulnerabilities to creep into your code. The best way to head this off, and to keep security a priority throughout the life cycle, is static code analysis: scanning the source for insecure patterns before it is built or deployed. For JavaScript static code analysis there are a few options on the market that can be deployed to support secure code development.


Jenkins Static Code Analysis

Jenkins is an automation server that monitors and runs a series of jobs in a software environment. Like CruiseControl, it provides a simple, easy-to-use continuous integration system: developers can run test cycles more easily, and the latest build can be delivered to users quickly and efficiently. One question Jenkins users often raise is how to run static code analysis as part of a Jenkins build.


Keylogger: The Invisible Threat

What are keyloggers?

A keylogger is a small, simple application that is typically designed to run "invisibly" on a computer so as to avoid detection by the computer's user. A keylogger does exactly what its name implies: it logs every keystroke the user enters. More sophisticated keyloggers can also capture screenshots and mouse clicks. Keyloggers are typically used by malicious attackers to harvest passwords, financial information or other sensitive data that they can use for their own gain.


LDAP Injection

LDAP Injection is a vulnerability in web applications that build LDAP statements (search filters or distinguished names) from user input without validating or escaping it. An attacker supplies input containing LDAP metacharacters such as `*`, `(`, `)` and `\`, often by tampering with requests through an intercepting proxy, so that the structure of the statement the application sends to the directory server is changed rather than just its value. Because the statement runs with the application's own directory privileges, this can let the attacker bypass authentication, enumerate entries, or access, modify or delete data contained within the LDAP tree.
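The following is an added example, not code from the original glossary, that shows the effect of an unescaped value on an LDAP search filter. It uses a constructed in-memory directory and a deliberately minimal filter parser/evaluator (the RFC 4515 subset `&`, `|`, `!` and equality with `*` wildcards and `\xx` escapes); the function names and the sample entries are assumptions made for the illustration, not any real library's API. Compare what `buildLookupUnsafe` and `buildLookupSafe` return for a username of `*`.

```javascript
// Added example (not from the original page): unescaped vs. escaped values
// in an LDAP search filter, evaluated against a constructed toy directory.

// RFC 4515 escaping for a value embedded in a search filter: each special
// character becomes a backslash followed by its two-digit hex code.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Vulnerable: untrusted input concatenated straight into the filter.
function buildLookupUnsafe(username) {
  return `(&(objectClass=person)(uid=${username}))`;
}

// Hardened: the value is escaped, so it can only ever be a literal uid.
function buildLookupSafe(username) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(username)}))`;
}

// Parse a filter string into a small AST (strict about balance and trailing data).
function parseFilter(src) {
  let pos = 0;
  const expect = (ch) => {
    if (src[pos] !== ch) throw new Error(`expected '${ch}' at ${pos}`);
    pos++;
  };
  const parse = () => {
    expect("(");
    const op = src[pos];
    if (op === "&" || op === "|") {
      pos++;
      const subs = [];
      while (src[pos] === "(") subs.push(parse());
      expect(")");
      return { op, subs };
    }
    if (op === "!") {
      pos++;
      const sub = parse();
      expect(")");
      return { op, subs: [sub] };
    }
    const eq = src.indexOf("=", pos);
    const close = src.indexOf(")", pos);
    if (eq < 0 || close < 0 || eq > close) throw new Error(`malformed assertion at ${pos}`);
    const node = { op: "=", attr: src.slice(pos, eq).toLowerCase(), value: src.slice(eq + 1, close) };
    pos = close + 1;
    return node;
  };
  const ast = parse();
  if (pos !== src.length) throw new Error(`trailing data at ${pos}`);
  return ast;
}

// Turn an assertion value into a RegExp: '*' is a wildcard, '\xx' a literal byte.
function valueToRegex(value) {
  const lit = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  let re = "^";
  for (let i = 0; i < value.length; i++) {
    if (value[i] === "*") re += ".*";
    else if (value[i] === "\\") { re += lit(String.fromCharCode(parseInt(value.slice(i + 1, i + 3), 16))); i += 2; }
    else re += lit(value[i]);
  }
  return new RegExp(re + "$", "i");
}

function matches(node, entry) {
  if (node.op === "&") return node.subs.every((s) => matches(s, entry));
  if (node.op === "|") return node.subs.some((s) => matches(s, entry));
  if (node.op === "!") return !matches(node.subs[0], entry);
  const re = valueToRegex(node.value);
  return (entry[node.attr] || []).some((v) => re.test(v));
}

// Returns the uids of directory entries matching the filter.
function search(directory, filter) {
  const ast = parseFilter(filter);
  return directory.filter((e) => matches(ast, e)).map((e) => e.uid[0]);
}

// Constructed sample directory (attribute names lower-cased for lookup).
const DIRECTORY = [
  { objectclass: ["person"], uid: ["alice"] },
  { objectclass: ["person"], uid: ["bob"] },
  { objectclass: ["person"], uid: ["admin"] },
  { objectclass: ["device"], uid: ["printer1"] },
];

console.log(search(DIRECTORY, buildLookupUnsafe("alice"))); // only alice
console.log(search(DIRECTORY, buildLookupUnsafe("*")));     // every person entry
console.log(search(DIRECTORY, buildLookupSafe("*")));       // nothing: '*' is now literal
```

With the unsafe builder a username of `*` turns a single-user lookup into an enumeration of every person entry, and input that injects parentheses (for example `*)(|(uid=*`) changes the filter's structure outright, which this strict parser rejects and lenient servers may partially evaluate. With the escaped builder the same inputs are matched only as literal characters. Escaping is the minimum; binding with the user's own credentials and restricting the application account's directory rights limit what any remaining injection can reach.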


Linux Hacking

Linux is an open-source operating system (OS) that shares many similarities with UNIX. It is the most widely used OS on mainframes, servers and supercomputers, thanks to its multi-user and multitasking capabilities. Linux, while not as common as Windows on the desktop, can be found on many personal computers and mobile devices today; Android, the world's most popular mobile operating system, is Linux-based. Originally Linux could not run most applications designed specifically for Windows, but in recent years developers have worked to ensure that many Windows applications and games can also be run in Linux environments through compatibility layers.


Malware

Malware is any type of malicious software used to threaten a network or computer. It is typically used to steal information and data that can be used for personal or financial gain. Malware can be installed on personal computers, company computers and networks, mobile devices and other electronic devices. Its detrimental effects include data breaches, account compromise, server hijacking, disruption of normal activities and communication, and much more.


Man-In-The-Middle (MiM) Attacks

A Man-in-the-Middle (MiM) attack is a form of session hijacking in which an attacker inserts himself into the flow of communication between a client and a server: the client is tricked into believing the attacker is the server, and the server is tricked into believing the attacker is the client. In this position the attacker can read and manipulate information that was intended to pass only between the client and the server.


Mobile Application Security (Android/iOS)

Mobile application security for Android and iOS doesn't always receive the attention it deserves. As smartphones have become more affordable and internet access has improved, software development teams have increased their mobile application development. Mobile internet traffic today accounts for 61% of total web traffic in Asia and 57% of total web traffic in Africa; according to Statista, 48% of total web traffic globally is mobile.


Multi-Platform JavaScript Code Analysis

The Source File Metrics application is a JavaScript code analyzer. It calculates metrics such as total files and lines, code lines (for multiple file formats), whitespace lines, comment lines and comment-containing files, average line length, and the ratios code/whitespace, code/comments and code/(comments+whitespace).
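As an added example, and not the Source File Metrics tool's own code, the following computes the metrics listed above for JavaScript sources using a line-based classifier that tracks `/* ... */` block comments. The sample files are constructed for the illustration, and the function names are assumptions. It deliberately simplifies: a line is classified by how it starts, so code following `*/` on the same line counts as a comment line, and a trailing newline is treated as a terminator rather than an extra empty line.

```javascript
// Added example (not the Source File Metrics tool's code): line-based metrics
// for JavaScript source text, plus a per-project aggregate.

function sourceFileMetrics(source) {
  const lines = source.split(/\r?\n/);
  // A trailing newline terminates the last line; it is not an extra empty line.
  if (lines.length && lines[lines.length - 1] === "") lines.pop();

  let code = 0, comment = 0, whitespace = 0, chars = 0, inBlock = false;
  for (const line of lines) {
    chars += line.length;
    const t = line.trim();
    if (t === "") { whitespace++; continue; }
    if (inBlock) {                      // inside a /* ... */ comment
      comment++;
      if (t.includes("*/")) inBlock = false;
      continue;
    }
    if (t.startsWith("//")) { comment++; continue; }
    if (t.startsWith("/*")) {
      comment++;
      if (!t.includes("*/", 2)) inBlock = true;  // block comment continues
      continue;
    }
    code++;                             // anything else starts with code
  }

  const ratio = (a, b) => (b === 0 ? null : a / b);   // null when undefined
  return {
    totalLines: lines.length,
    codeLines: code,
    commentLines: comment,
    whitespaceLines: whitespace,
    averageLineLength: lines.length === 0 ? 0 : chars / lines.length,
    codeToWhitespace: ratio(code, whitespace),
    codeToComments: ratio(code, comment),
    codeToCommentsAndWhitespace: ratio(code, comment + whitespace),
  };
}

// Aggregate over files: total files, files containing at least one comment
// line, and summed line counts.
function projectMetrics(files) {
  const totals = { totalFiles: files.length, commentFiles: 0,
                   totalLines: 0, codeLines: 0, commentLines: 0, whitespaceLines: 0 };
  for (const f of files) {
    const m = sourceFileMetrics(f.source);
    if (m.commentLines > 0) totals.commentFiles++;
    totals.totalLines += m.totalLines;
    totals.codeLines += m.codeLines;
    totals.commentLines += m.commentLines;
    totals.whitespaceLines += m.whitespaceLines;
  }
  return totals;
}

// Constructed sample input.
const SAMPLE_FILES = [
  { name: "math.js", source: [
      "// utility module",
      "",
      "/* block comment",
      "   spanning lines */",
      "function add(a, b) {",
      "  return a + b; // inline",
      "}",
    ].join("\n") },
  { name: "index.js", source: "module.exports = require('./math.js');\n" },
];

console.log(sourceFileMetrics(SAMPLE_FILES[0].source));
console.log(projectMetrics(SAMPLE_FILES));
```

Ratios with a zero denominator are reported as `null` rather than `Infinity`, so a file with no comments is visible as "no ratio" instead of skewing a project-wide average.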


OWASP Top 10 Vulnerabilities

The Open Web Application Security Project (OWASP) is an open-source application security community whose goal is to spread awareness surrounding the security of applications, best known for releasing the industry standard OWASP Top 10.

The OWASP community is powered by security-knowledgeable volunteers from corporations and educational organizations, and individuals from around the world. The community produces freely available articles, methodologies, documentation, tools and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure.