Solidity Top 10 Common Issues

In 2018, we performed our initial research about the current state of security in the context of Smart Contracts, focusing on those written in Solidity, “a contract-oriented, high-level language for implementing smart ...
Kudos to the Unsung Heroes in our Current Times: Software Developers

As the world duly salutes our front-line medical professionals, first responders, military and police, factory workers, delivery drivers, construction teams, repair technicians, store clerks, farmers, truckers, pharmacists, cooks, and millions of other ...
Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial

For the past few weeks and the foreseeable future, COVID-19 has forced organizations around the world to adopt work from home models. This can be a difficult transition, impacting productivity, workflows, and ...
Why “Shift Left” in DevOps is really “Shift Center”

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process ...
Free your Developers from Mundane Tasks

Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought ...
Smart Vacuum Vulnerability Puts Owners' Privacy at Risk

Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed

There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer ...
Exploiting Apache Dubbo Remote Code Execution Vulnerability

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
Checkmarx Research: SoundCloud API Security Advisory

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest ...
Checkmarx Research: A Race Condition in Kubernetes

Last year, the Checkmarx Security Research Team decided to investigate Kubernetes due to the growing usage of it worldwide. For those who are not too familiar with this technology, you can find ...
Correlating and Remediating Security Risks at Scale is Vital to DevOps

The recent industry shift towards DevOps makes it clear that organizations are adopting this development and operational model to facilitate the practice of automating software delivery and deployment. As a result, organizations ...