Tag : Open Source Security

OpenSSL-Vulnerabilities-01

OpenSSL Vulnerabilities: Takeaways from the Latest Patch

May 06, 2016 By Sarah Vonnegut | The OpenSSL project this week released a series of patches to combat six vulnerabilities that have been discovered as of late, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was actually inadvertently implemented as part of the fix for the Lucky 13 flaw that was discovered in 2013.

</Read More>
Open Source Component Security

How Secure Are Your Open Source Components?

Mar 25, 2016 By Sarah Vonnegut | For organizations around the world, open source code has allowed faster time to market, decreased the workload for developers and lowered costs for the organization. The ability for great minds from around the world to come together on a piece of code has given us Linux, Mozilla Firefox, WordPress, and hundreds of thousands of other projects in daily use.
  Yet, for all the positive open source components bring to the table, there is a dark side. For hackers, open source components are a goldmine. Unlike with custom applications developed in organizations, if a hacker finds just one critical vulnerability in the open source code, they can attack any of the hundreds of thousands of systems that use that component in their applications. Just last month, a buffer overflow vulnerability was discovered in the glibc library, allowing attackers to remotely execute malicious code.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.