Hellman & Friedman to Acquire Checkmarx at a $1.15B Valuation

Tag: Application Security Vulnerabilities

Why “Shift Left” in DevOps is really “Shift Center”

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still tends to think of developing, testing, and delivering software as if someone was reading a

Read More ›

Recommendations for Friends and Family on Staying Cyber Safe While Working Remotely

The world as a whole is coming together to quell the spread of COVID-19 by limiting social interaction, and in some instances, initiating full quarantines. Schools are closed for weeks, if not longer. Organizations have initiated very strict work from home policies to keep employees safe, and many restaurants and bars are only open for

Read More ›

A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead

We are all living in unconventional and unprecedented times. The entire world is adjusting to the rapidly-changing dynamics brought on by Coronavirus (COVID-19). Here at Checkmarx, we are taking deliberate and preventative measures to protect our global community of employees, customers, and partners. Our top priority is the health and safety of our team and

Read More ›

Discussing AppSec Policies within DevSecOps

There’s no denying that today’s digital ecosystem must be protected. But preventing increasingly frequent and severe attacks, which often target customer data and confidential information, requires more out of your organization’s security policies. Add in the challenge of organizations being asked to develop, deliver, and deploy software faster than ever before, many are finding that

Read More ›

RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle

Another year, another RSA Conference USA in the books! From talking software security and DevOps with thousands of attendees, to launching new research and solutions, and hosting a SoulCycle fitness class for AppSec professionals, we had a blast at this year’s show and couldn’t be more grateful to all who helped make it such a

Read More ›

Free your Developers from Mundane Tasks

Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought. Although opening or closing a ticket in a defect management system (such as JIRA), or initiating a scan during the CI process to

Read More ›

Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed

There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer market, buyers often jump at the opportunity to purchase it and put it into action. Unfortunately, every new internet-connected gadget opens users up

Read More ›

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache Foundation. Figure 1 – Dubbo

Read More ›

Checkmarx Research: SoundCloud API Security Advisory

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection of music from the most diverse creator community on earth.” This investigation was part of a broader research conducted by Checkmarx, in

Read More ›

Checkmarx Research: A Race Condition in Kubernetes

Last year, the Checkmarx Security Research Team decided to investigate Kubernetes due to the growing usage of it worldwide. For those who are not too familiar with this technology, you can find more information at the official site here. Kubernetes is an open-source framework written in the Go language, originally designed and developed by Google

Read More ›

Jump to Category