Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...
Remarkable University Study About Real-World Cybersecurity Training

Remarkable University Study About Real-World Cybersecurity Training

Today’s cybersecurity and software development students spend years in the classroom honing their skills for gainful employment once they graduate. They’re being equipped with deep knowledge of application vulnerabilities, real-world attack scenarios, ...
Post-Pandemic Responsibilities for a Modern Day CISO

Post-Pandemic Responsibilities for a Modern Day CISO

It’s no hidden secret that businesses have been moving toward digital transformation for years, but the current pandemic has accelerated this movement at a rate and scale like never seen before. As ...
Exploiting mXSS Vulnerabilities Within Mozilla-Bleach

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning ...
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program ...
Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial

Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial

For the past few weeks and the foreseeable future, COVID-19 has forced organizations around the world to adopt work from home models. This can be a difficult transition, impacting productivity, workflows, and ...
Power to the Players: 3 Tips for Gamifying Your Cybersecurity Training

Power to the Players: 3 Tips for Gamifying Your Cybersecurity Training

It’s no hidden secret that an increased level of training and education is both one of the biggest needs and shortcomings in the cybersecurity industry. Organizations are falling victim to cyberattacks more ...
AppSec Training – Necessary, but not sufficient

AppSec Training – Necessary, but not sufficient

It’s no secret that the earlier you discover security bugs in the software development life cycle (SDLC), the more time, money, and resources you will save. While making use of “reactive” security ...