Tag: SAST

Webinar Recording: The Business Value of Partial Code Scanning

We are pleased to present the recording of the latest webinar, which was held on the 22nd of March. The webinar was presented by Kevin Beaver of Principle Logic (http://www.principlelogic.com/) and Maty Siman, Founder & CTO of Checkmarx (https://www.checkmarx.com).

Static Application Security Testing (SAST) Tool Implementation

We have just published a new article on our website that discusses the process of achieving a successful SAST (Static Application Security Testing) tool implementation. It covers the various questions and concerns Checkmarx customers face when running evaluations of the available tools in the SAST category.

LDAP Injection

LDAP Injection (CWE: 90) is an attack allowing the attacker to modify LDAP queries. Recently, I encountered a nice LDAP Injection, and I started asking myself why we hear so little about such vulnerabilities. I would expect the opposite.

Path Manipulation, Directory Traversal, and interesting JAVA code

Directory Traversal Attacks: Directory Traversal (CWE: 22) is usually considered a subset of Path Manipulation (CWE: 73). Directory Traversal attacks, also referred to as Path Traversal attacks, work by manipulating variables with ‘../’ sequences (the attack is sometimes also called dot-dot-slash) in an attempt to access directories and files stored on a system. Path Directory
