Meetup.com Vulnerabilities Cause Privilege Escalation and Payment Redirection

Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people with similar interests gather. Events can be in person, and in light of the ongoing pandemic, many of ...
Exploiting mXSS Vulnerabilities Within Mozilla-Bleach

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning security vulnerabilities. Patches were released in mid-March 2020, with Checkmarx CxSCA customers using Bleach receiving notice of the ...
It’s Time to Update Your Drupal Now!

It’s Time to Update Your Drupal Now!

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its recently launched SCA solution, the Checkmarx Security Research Team analyzed Drupal, an open source content management system (CMS) ...
Solidity Top 10 Common Issues

Solidity Top 10 Common Issues

In 2018, we performed our initial research on the current state of security in the context of Smart Contracts, focusing on those written in Solidity, “a contract-oriented, high-level language for implementing smart contracts”. At that time, we compiled a Top 10 list of the most common Smart Contract security issues ...
Breaking Down the OWASP API Security Top 10 (Part 2)

Breaking Down the OWASP API Security Top 10 (Part 2)

Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers, and application security teams become increasingly aware of the risks associated ...
Hijacking Google Pixel Camera Application

How Attackers Could Hijack Your Android Camera to Spy on You

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx.

Introduction

In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing a massive role in this, as users are able to quickly take out their phones and capture any ...
Breaking Down the OWASP API Security Top 10 (Part 1)

Breaking Down the OWASP API Security Top 10 (Part 1)

As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help organizations, developers, and application security teams become more aware of the risks associated with APIs. This past September, ...
Why you need to be thinking about API Security

Why you need to be thinking about API Security

As cyber attackers continue to take advantage of vulnerable people, processes, and technology, they are now expanding their operations beyond “traditional” targets. It seems that nothing is outside of their reach and no one is 100 percent safe from their malicious campaigns. Although organizations are making strides in the right ...
ReDoS in Go

ReDoS in Go

The Go programming language (also known as Golang) is an open source programming language created by Google. Go is compiled and statically typed in the manner of C (but garbage-collected), with limited structural typing, memory-safety features and CSP-style concurrency. In this blog post, we will recap Go’s security posture facing ...
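The point behind the ReDoS discussion is that Go's standard `regexp` package uses RE2 semantics: matching is guaranteed to run in time linear in the input length, so the nested-quantifier patterns that blow up backtracking engines (PCRE, Java, Python's `re`) cannot be used to stall a Go service. The snippet below is an added example written for this listing, not code from the Checkmarx post; the pattern `^(a+)+$`, the helper names and the input sizes are illustrative choices. It times Go's engine against the classic adversarial input and also shows that a lookahead, which would require backtracking, simply fails to compile.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// EvilPattern is a textbook ReDoS pattern: nested quantifiers give a
// backtracking engine exponentially many ways to split the run of a's
// before it can conclude the trailing "!" makes the match fail.
const EvilPattern = `^(a+)+$`

// AdversarialInput builds the input that triggers catastrophic backtracking
// in backtracking engines: n a's followed by a character that forces failure.
// The input is constructed here for the example.
func AdversarialInput(n int) string {
	return strings.Repeat("a", n) + "!"
}

// MatchTimed compiles pattern with Go's regexp package (RE2 semantics,
// linear in the input size) and reports the match result and the
// wall-clock time the match took.
func MatchTimed(pattern, input string) (bool, time.Duration, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, 0, err
	}
	start := time.Now()
	matched := re.MatchString(input)
	return matched, time.Since(start), nil
}

// RequiresBacktracking reports whether Go refuses the pattern outright.
// Lookahead and backreferences are not expressible without backtracking,
// so regexp.Compile returns an error for them rather than risking ReDoS.
func RequiresBacktracking(pattern string) bool {
	_, err := regexp.Compile(pattern)
	return err != nil
}

func main() {
	// Even n=30 would take minutes in a backtracking engine; Go stays linear.
	for _, n := range []int{10, 30, 100000} {
		matched, elapsed, err := MatchTimed(EvilPattern, AdversarialInput(n))
		if err != nil {
			panic(err)
		}
		fmt.Printf("n=%d matched=%v elapsed=%v\n", n, matched, elapsed)
	}
	fmt.Printf("lookahead rejected by regexp.Compile: %v\n", RequiresBacktracking(`(?=a)a`))
}
```

The practical caveat is the last line: the linear-time guarantee holds only for the standard library. Teams that swap in a third-party PCRE-style engine to get lookahead or backreferences reintroduce the backtracking behaviour, and with it the ReDoS exposure that the standard package avoids.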