Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Tag: Application Security Awareness

Raising Your Software Security Programs to the “STAR” Level

In sporting events, movies, and TV entertainment, we often have STAR athletes and STAR actors/actresses. When going to school, most students strive for an A* (STAR) grade on their assignments, tests, and assessments. In this same context, is there a way for organizations to achieve something similar concerning their software security programs? At Checkmarx, we

Read More ›

Injection Vulnerabilities – 20 Years and Counting

Injection vulnerabilities are one of the oldest exploitable software defects, which unfortunately are still prevalent today. Doing a simple search on cve.mitre.org com for the term injection returns with over 10,852 injection-related vulnerabilities in commercial and open source software since the year 2000, and the number of injection vulnerabilities continues to grow daily. The earliest

Read More ›

Why I Hate Software Upgrades

Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) designed to explain the entire upgrade process, taking into account all the things that might (and probably will…let’s face it) go wrong. Plan

Read More ›

How Attackers Could Hijack Your Android Camera to Spy on You

In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing a massive role in this, as users are able to quickly take out their phones and capture any moment in real-time with the simple click of a button. However, this presents a double-edged sword as

Read More ›

Combating the Continuous Development of Vulnerable Software

Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 as a list of common identifiers for publicly-known cybersecurity vulnerabilities found in commercial and open source software and / or firmware. What makes

Read More ›

Jump to Category