Checkmarx Named a Leader in The Forrester Wave: SAST

Tag: Application Security Awareness

Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial

For the past few weeks and the foreseeable future, COVID-19 has forced organizations around the world to adopt work from home models. This can be a difficult transition, impacting productivity, workflows, and overall cybersecurity. And, with software development teams now “developing from home,” and in some cases being asked to meet even more aggressive delivery

Read More ›

Why “Shift Left” in DevOps is really “Shift Center”

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still tends to think of developing, testing, and delivering software as if someone was reading a

Read More ›

Free your Developers from Mundane Tasks

Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought. Although opening or closing a ticket in a defect management system (such as JIRA), or initiating a scan during the CI process to

Read More ›

Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed

There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer market, buyers often jump at the opportunity to purchase it and put it into action. Unfortunately, every new internet-connected gadget opens users up

Read More ›

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache Foundation. Figure 1 – Dubbo

Read More ›

Jump to Category