Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native Applications: KICS

Tag: Codebashing

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can be used to integrate personalization and profile management within very different systems such as CMSs, CRMs, Issue Trackers, native mobile applications, etc. Unomi

Read More ›

Remarkable University Study About Real-World Cybersecurity Training

Today’s cybersecurity and software development students spend years in the classroom honing their skills for gainful employment once they graduate. They’re being equipped with deep knowledge of application vulnerabilities, real-world attack scenarios, and extensive software development expertise that includes secure coding practices. The many students the universities are educating today are being better equipped than

Read More ›

Post-Pandemic Responsibilities for a Modern Day CISO

It’s no hidden secret that businesses have been moving toward digital transformation for years, but the current pandemic has accelerated this movement at a rate and scale like never seen before. As Microsoft CEO Satya Nadella recently put it, “We have seen two years’ worth of digital transformation in two months.” As organizations worldwide adjust

Read More ›

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning security vulnerabilities. Patches were released in mid-March 2020, with Checkmarx CxSCA customers using Bleach receiving notice of the issues in advance. Given that

Read More ›

The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program. The Q&A is as follows: Stephen: Since our world relies heavily on software, today more than ever before, software must equal security. In

Read More ›

Jump to Category