Jenkins is a simple application designed to monitor a series of executions in a software environment. It works much like ‘Cruise Control’ and offers a single, easy-to-use continuous integration system. Developers can then execute test cycles more easily, and the latest build can be delivered to users quickly and efficiently. One question Jenkins users often raise is how to implement static code analysis in a Jenkins environment.
What are keyloggers?
A keylogger is a small, simple application that is typically designed to run “invisibly” on a computer so as to avoid detection by the actual computer user. A keylogger does exactly what its name implies: it logs all keystrokes entered by the user. More sophisticated keyloggers can also capture screenshots and mouse clicks. Keyloggers are typically used by malicious attackers to gain access to passwords, financial information or other sensitive information that they can use for their own gain.
LDAP Injection is a vulnerability that affects web applications. It is exploited by sending requests that the web application does not properly validate and sanitize before using them to build LDAP statements. An attacker can then modify LDAP statements using a proxy. This grants the attacker the permissions needed to perform commands using the database server, web server and web application server, and can allow the attacker to access, modify or delete data contained within the LDAP tree.
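The weakness described above, as an added example that is not code from the original page: a login filter built by string concatenation beside the same filter built with RFC 4515 escaping, plus a small parser that shows how the unescaped version gains an extra clause. The function names and the sample input are constructed for this illustration.

```python
# Escapes for the characters that carry meaning inside an LDAP search filter
# (RFC 4515): each is replaced by a backslash and its two-digit hex code.
LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an untrusted value so the filter treats it as literal text."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_login_filter(username: str) -> str:
    """Concatenates raw input into the filter: metacharacters become syntax."""
    return "(&(uid=" + username + ")(objectClass=person))"


def hardened_login_filter(username: str) -> str:
    """Same query, but the input is escaped before it is inserted."""
    return "(&(uid=" + escape_filter_value(username) + ")(objectClass=person))"


def top_level_components(ldap_filter: str) -> list:
    """Return the child clauses of a filter of the form (&...) or (|...).

    Tracks parenthesis depth and skips \\XX escapes, so an escaped parenthesis
    inside a value is not mistaken for query structure.
    """
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        raise ValueError("filter must be parenthesised")
    body = ldap_filter[2:-1]  # drop the outer "(&" ... ")"
    components, depth, start, i = [], 0, 0, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            i += 3  # skip the backslash and its two hex digits
            continue
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                components.append(body[start:i + 1])
        i += 1
    return components


SAMPLE_INPUT = "*)(uid=*"  # constructed input containing filter metacharacters
print(top_level_components(vulnerable_login_filter(SAMPLE_INPUT)))  # three clauses
print(top_level_components(hardened_login_filter(SAMPLE_INPUT)))  # two clauses
```

With the concatenated filter the uid clause becomes a bare wildcard and the AND gains a third clause, so the query no longer restricts to one user; the escaped filter keeps the input as a single literal value.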
Linux is an open-source operating system (OS) that shares many similarities with UNIX. It is the most popular OS used on mainframes, servers and supercomputers, thanks to its multi-user functionality and multitasking capabilities. Linux, while not as common as Windows, can be found on many personal computers and mobile devices today. Android, the world’s most popular mobile operating system, is Linux-based. Originally Linux was not able to run many applications that were designed specifically for Windows environments, but in recent years developers have worked to ensure that most Windows applications and games can also be run in Linux environments.
Malware is any type of malicious software that can be used to threaten a network or computer. It is typically used to steal information and data that can be used for personal or financial gain. Malware can be installed on personal computers, company computers, company networks, mobile devices and other electronic devices. The detrimental effects of malware can include data breaches, account compromise, server hijacking, disruption of normal activities and communication, and much more.
A Man-in-the-Middle (MiM) attack is a type of session hijacking that many companies face during the flow of communication data between client and server. It occurs when a malicious attacker tricks the client into believing he is the server and tricks the server into believing he is the client. In this manner, the attacker is able to access and manipulate information that is intended to be communicated only between the client and the server.
Mobile application security for Android and iOS is a field which doesn’t always receive the attention it deserves. Software development teams have been scaling up their mobile application development over the last decade as smartphones have become more affordable and mobile bandwidth (and Wi-Fi) access has improved. It has been estimated that nearly 1 billion people will access the Internet for the first time in the next decade thanks to these devices. In addition, the smartphone has already established itself as the dominant platform for web access in developed nations.
The Open Web Application Security Project (OWASP) is an open-source application security community whose goal is to spread awareness of application security, and it is best known for releasing the industry-standard OWASP Top 10.
The OWASP community is powered by security-knowledgeable volunteers from corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure.