Checkmarx Security Research Team
Drupal Core: Behind the Vulnerability
As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November ...
Drupal Core: Behind the Vulnerability
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several ...
Cybersecurity Awareness Month Week 1: Day in the Life, Security Researcher
Welcome to week one of Checkmarx’s ‘Day in the Life’ Q&A series for Cybersecurity Awareness Month! Aren’t familiar with what we have planned for October? More here! Have you ever wondered what ...
Privilege Escalation on Meetup.com Enabled Redirection of Payments
The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed
There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer ...
Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)
Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
Checkmarx Research: SoundCloud API Security Advisory
Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest ...
Checkmarx Research: A Race Condition in Kubernetes
Last year, the Checkmarx Security Research Team decided to investigate Kubernetes due to the growing usage of it worldwide. For those who are not too familiar with this technology, you can find ...
Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint
This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart ...
2019 – Checkmarx Research Roundup
Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes ...
