Paulo Silva
Blog – Checkmarx

Checkmarx Research: SoundCloud API Security Advisory

Checkmarx Research: SoundCloud API Security Advisory

| | Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, mobile app security, OWASP Top 10 API, research, Technical Blog
Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection of music from the most diverse creator community on earth.” This investigation was part of a broader ... Read More
Blog – Checkmarx
Exploiting Solidity and Smart Contracts via Reentrancy

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

| | Application Security Awareness, application security program, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, Security Research, Technical Blog
This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.” It was proposed back in 2014 by Gavin Wood and developed by several people, most of them ... Read More
Blog – Checkmarx
(More) Common Security Mistakes when Developing Swift Apps – Part II

(More) Common Security Mistakes when Developing Swift Apps – Part II

| | binary patching, Blog, code tampering, Cycript, dynamic memory modification, Extraneous Functionality, Frida, Insecure Communication, Insecure Direct Object References, local resource modification, method hooking, method swizzling, mobile banking, Mobile Security, OWASP Mobile Security Testing Guide, Reverse Engineering iOS Apps, SWIFT, Technical Blog
In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read it, please take a few minutes to review this information. It’s critical to understand these mistakes as well ... Read More
Blog – Checkmarx
Common Security Mistakes when Developing Swift Applications – Part I

Common Security Mistakes when Developing Swift Applications – Part I

| | Blog, certificate pinning, cryptography, data storage, Insecure Communication, Insecure Data Storage, Keychain, Mobile Security, OWASP 2016 Mobile Top 10, SSL Certificates, SWIFT, Symmetric Key Algorithms, Technical Blog
Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many others at Apple Inc., Swift is a general-purpose, multi-paradigm, compiled programming language. Although first released ... Read More
Blog – Checkmarx