CVE-2020-35774: twitter-server XSS Vulnerability Discovered
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CVE-2020-35774, CxSCA, Open Source Security, Software Composition Analysis, Technical Blog, XSS
According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative ...
What is the ROI of Checkmarx Application Security Testing (AST)?
Stephen Gates | | Application Security Testing, Blog, CxCodebashing, CxSAST, Nucleus Research, return on investment, ROI
When it comes to IT security initiatives, many enterprises struggle to quantify business value and return on investment (ROI), often viewing their security spend solely as an insurance expense – a must-have ...
Preventing Developer Burnout in the Age of Rapid Software Delivery
James Brotsos | | Application Security Testing, Blog, developer training, integration, Secure Coding Education, Security Automation
“Burnout” happens across all jobs and industries, especially tech. However, developers have always been particularly at-risk of falling victim to burning out, and the COVID-19 pandemic, and the resulting digital shift driven ...
2020 Checkmarx Partner Awards – APJ, EMEA & LATAM
Zack Bentolila | | Blog, Campaigns, channel partners, Checkmarx Partners, Partner Training, Programs
Every year at Checkmarx, we recognize and award our business partners who have gone above and beyond to help their customers overcome their software security and business challenges. These awards reflect our deep ...
2021 Cybersecurity Predictions: Our Experts Weigh In
Stephen Gates | | Blog, Cloud Software Development, Cloud-native, Cloud-Native Security, infrastructure as code, predictions
To say that 2020 was an unusual year would be an understatement. Business, government, healthcare, and education drastically changed with many organizations making massive digital transformations that were completely unplanned in many ...
Seven Ways We’ve Helped our Partners Transform to Digital Reality During COVID
Zack Bentolila | | ATO, Authority to Operate, Blog, DEVOPS, DevSecOps, federal agencies, Security Automation
In 2020, “digital transformation” went from a buzzword to reality. Businesses and governments alike experienced first-hand what it meant to undergo rapid, high-stakes transformation in the way they operate, and many are ...
Drupal Core: Behind the Vulnerability
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CVE-2020-13669, Drupal security analysis, Self-XSS, Stored-XSS, Technical Blog, XSS
As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November ...
How Agencies Can Take Advantage of DevSecOps and Automation to Accelerate ATOs
Stephen Gates | | ATO, Authority to Operate, Blog, DEVOPS, DevSecOps, federal agencies, Security Automation
As federal agencies develop more online services and systems to meet the mission of the U.S. government, their appetite and need to develop and deploy secure software applications rapidly continues to grow ...
Drupal Core: Behind the Vulnerability
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CSRF, Drupal, Drupal security analysis, Reflected XSS, security vulnerability, Technical Blog
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several ...
Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered
Eugene Rojavski | | Apache Unomi, Blog, Codebashing, CxSAST, CxSCA, Remote Code Execution Vulnerabilities, Software Composition Analysis, Technical Blog
“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...