Checkmarx | search
Click here to view Checkmarx news from 60+ newspapers.
Bookmark or Share- apex - How do I fix this Reflected XSS vulnerability? - Salesforce ...The CheckMarx security scanner says that this line is a Reflected XSS vulnerability.
- checkmarx - Reflected XSS problem - Salesforce Stack ExchangeCheckmarx is flagging these lines as Reflected XSS,Lately I have been doing a lot of research on this but couldn't solve this one can someone point me as to why these are major security threats?
- Checkmarx and JSON.serialize - Salesforce Stack ExchangeCheckmarx recommends using JSENCODE, HTMLENCODE, URLENCODE etc to fix the vulnerability and shut the scanner up. My question: really? I think it's a false positive. In what situation JSON.serialize would fail to properly escape quotes and / or html tags?
- Why Is Checkmarx Taking So Long To Complete? [closed]In other words, each new release generates a ton of work for everyone. Checkmarx is just one kink in the process. The Security Review Team typically gets backed up 2-4 weeks before a release, Checkmarx's free scanner gets clogged up with pre-release checks, Partner Support gets swamped with support requests, etc.
- Checkmarx Scanner is useless for CRUD and FLS issues checking?Checkmarx is not "useless," and, in fact, is very good at what it does. However, that's not to say that false positives are not possible. It can make mistakes. However, whenever you get a flag like this, you should check and see if it is a legitimate problem or not. If it is a false positive, document it and go on.
More
