Category: Checkmarx
Privilege Escalation on Meetup.com Enabled Redirection of Payments
As a result of our investigations, which are further detailed in this technical report, we found several “more-common” API security issues like Lack of Resources & Rate Limiting and Excessive […]
On the Road to DevSecOps: Securing the Software Driving Mobility
However, the increasing number of applications and software-driven components are also associated with an increase in software-related risks. Every new service, component, endpoint, and API represents a new point of […]
On the Road to DevSecOps: Top Three Benefits of CxFlow
Pertaining to development tools, DevOps is also about automation of the different tooling in use that improves the speed of software delivery. Designed primarily for those embarking on DevSecOps initiatives, […]
Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach
According to documentation, “Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes and is intended for sanitizing text from untrusted sources.” In simpler terms, Bleach […]
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness
Stephen: Since our world relies heavily on software, today more than ever before, software must equal security. In this context, what are your thoughts on the origin of software vulnerabilities? […]
It’s Time to Update Your Drupal Now!
Drupal just recently released two major versions, which piqued our researchers’ interest. Once the team got to work on the two latest versions of Drupal, they quickly found that both […]
Bringing Your Retail Application Security Strategy Up to Par
This overnight shift to e-commerce dependence impacts all departments within retail organizations, especially IT and security. As marketing and sales teams work to entice consumers to online shop and spend, […]
The Road to DevSecOps: Addressing the Challenges of Open Source Software
The adoption of open source by software development teams has dramatically changed the software industry overall. Instead of building all software “from scratch”, organizations use open-source components to their advantage, […]
Survey: Nearly Half of Americans Refusing or Unlikely to Opt-In to COVID-19 Contact Tracing Apps
The past few months have placed digital transformation into overdrive, with consumers gravitating toward distance-enabling technology and applications more than ever before. While the benefits of these tools are clear […]
AppSec, the developer way: Transforming security from a “dirty word” to a common practice
Security is seen by developers as the domain of the AppSec team, who have the unenviable task of scanning code and reporting to the development team that their code is […]