CyberSecurity updates
Updated: 2024-11-22 17:44:29 Pacific

checkmarx.com
Checkmarx Leads the Application Security Posture Management (ASPM) Market - 3d

The 2024 Frost & Sullivan Report on Application Security Posture Management (ASPM) positions Checkmarx as the leading vendor in the market. The Checkmarx One platform integrates ASPM as a core component, providing a comprehensive code-to-cloud security approach. It offers features such as native tool integrations, risk-based prioritization, and advanced correlation for effective vulnerability management and remediation. Compared to standalone ASPM solutions and those integrated with CNAPP platforms, Checkmarx’s approach offers a more flexible and unified platform for managing application security risks across the entire SDLC.

csoonline.com
Open Source Package Entry Points Vulnerability Allows for Command Jacking Attacks - 4d

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more. This warning to developers and infosec leaders comes from researchers at Checkmarx, who dub the techniques “command jacking.” Attackers can use entry points to run specific commands impersonating popular third-party tools and system commands, but they could also leverage malicious plugins and extensions. This highlights the importance of scrutinizing open source package repositories and ensuring that developers are aware of the potential risks associated with entry point attacks.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.