Checkmarx Security Research Team latest work

The mercenaries have been busy in the last couple of months. We got a few good hits in the media and we're proud of our work and the company itself.
– Solidity Top 10 Common Issues
– Smart Vacuum Security Flaws May Leave Users Exposed
– SoundCloud API Security Advisory
– A Race Condition in Kubernetes
– Solidity and…

Checkmarx Security Research Team latest work

We've got a lot of new research in our hands, but so far only one piece has been disclosed to the public. I'm talking about the LeapFrog LeapPad Ultimate research. It got a few hits in the media (CNET, The Telegraph, ZDNET, BleepingComputer, Threatpost, Fortune, …) and I'm very proud of this work, especially because it keeps…

Checkmarx Security Research Team latest work

In the last couple of weeks the Checkmarx Security Research Team disclosed some of our research:
– Your Lenovo Watch X Is Watching You & Sharing What It Learns
– Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
– Android WebView: Are Secure Coding Practices Being Followed?
– NFCdrip: Data Exfiltration Research in Near Field…

Checkmarx Security Research Team latest work

My team has been working hard and we have released more juicy stuff:
– Common Security Mistakes when Developing Swift Applications – Part I
– Meet NFCdrip – a New Security Concern for Air-Gapped Systems
– What's in Your Website? Lurking Risk from Third-party Resources
– How Secure Are the Browser Extensions You Create?
Pedro Umbelino…

Checkmarx Security Research Team latest work

The team, who love hacking and learning new things, has published more stuff:
– Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes
– JavaScript Secure Coding Practices guide
– The Top 5 Exfiltration Attacks on WebViews
– JavaScript Attacks in WebViews
– Android WebView: Secure Coding Practices
– Is Your Child's Data Safe From The Man In The Middle?

Why some vendors ignore RFD attacks?

Since I published my Reflected File Download Cheat Sheet I'm getting lots of private messages and emails from security researchers and bounty hunters telling me that most companies ignore RFD attacks. So I decided to clear things up and answer the three most popular questions. First, a little introduction. In my opinion there are three ways of implementing…

Should bug hunters provide real personal data on bug appreciation programs?

That's a question that sometimes comes to mind for many "hunters". Personally, in most cases, when I participate in these programs, I use fake information – one of the first reasons is to immediately test the input fields 🙂 Programs that require you to add your credit card info, phone number, bank info, … in…