Software Architecture with Shortest Time-to-Market Consideration

Software Architecture with Shortest Time-to-Market Consideration

Survival of the Fastest Today, everything is getting faster. With social media and our smartphones, we expect immediate responses to our messages. When searching for the answer to a question, the internet ...
Exploiting Solidity and Smart Contracts via Reentrancy

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart ...
Breaking Down the OWASP API Security Top 10 (Part 2)

Breaking Down the OWASP API Security Top 10 (Part 2)

Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the ...
Hijacking Google Pixel Camera Application

2019 – Checkmarx Research Roundup

Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes ...
Twas the Night of the Go-Live

Twas the Night of the Go-Live

Twas the night of the Go-Live, and all through the team, We were nervous as ever, at least it would seem. We thought we had done, everything that was right, We were ...
Raising Your Software Security Programs to the “STAR” Level

Raising Your Software Security Programs to the “STAR” Level

In sporting events, movies, and TV entertainment, we often have STAR athletes and STAR actors/actresses. When going to school, most students strive for an A* (STAR) grade on their assignments, tests, and ...
Injection Vulnerabilities – 20 Years and Counting

Injection Vulnerabilities – 20 Years and Counting

Injection vulnerabilities are one of the oldest exploitable software defects, which unfortunately are still prevalent today. Doing a simple search on cve.mitre.org com for the term injection returns with over 10,852 injection-related ...
Why I Hate Software Upgrades

Why I Hate Software Upgrades

Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) ...
Hijacking Google Pixel Camera Application

How Attackers Could Hijack Your Android Camera to Spy on You

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. Introduction In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing ...
Combating the Continuous Development of Vulnerable Software

Combating the Continuous Development of Vulnerable Software

Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 ...