Software Exposure
How Attackers Could Hijack Your Android Camera to Spy on You
This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. Introduction In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing ...
Combating the Continuous Development of Vulnerable Software
Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 ...
Breaking Down the OWASP API Security Top 10 (Part 1)
As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help ...
The Hacker vs. Struts 2 Game – It Appears it has No Ending
If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on ...
NFC False Tag Vulnerability – CVE-2019-9295
Introduction Security Aspects of Android Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are ...
The Open Source Cookbook: Prepping Your Kitchen
Over the course of this adventure into the culinary world of software development, we have drawn comparisons between open source software and cookie recipes, and equated open source risks to spoiled ingredients ...
Kotlin Guide: Why We Need Mobile Application Secure Coding Practices
October is the annual National Cybersecurity Awareness Month (NCSAM), which is promoted by the U.S. Department of Homeland Security and the National Initiative for Cybersecurity Careers and Studies (NICCS). According to the ...
Becoming Optimus Prime Within Your AppSec Initiatives
When I was a child, I didn’t dream of becoming a legendary football player or a rock star. My dream was to become a Transformer: specifically Optimus Prime. I am sure some ...
Vulnerable Software – The Gift that Keeps on Giving
Concerning the latest data breaches on record, this past May was rather noteworthy. A host of organizations from around the world announced in fact, that they had experienced a data breach. From ...
AppSec Is Dead, but Software Security Is Alive & Well
Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million ...
