{"id":46616,"date":"2021-03-24T07:58:14","date_gmt":"2021-03-24T07:58:14","guid":{"rendered":"https:\/\/www.checkmarx.com\/?p=46616"},"modified":"2024-08-16T08:49:30","modified_gmt":"2024-08-16T08:49:30","slug":"exploitable-path-advanced-topics","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/","title":{"rendered":"Exploitable Path \u2013 Advanced Topics"},"content":{"rendered":"<p>This is the third and final blog on Exploitable Path \u2013 a unique feature that allows our customers to prioritize vulnerabilities in open-source libraries. In the <a href=\"https:\/\/checkmarx.com\/blog\/software-composition-analysis-why-exploitable-path-is-imperative\/\" target=\"_blank\" rel=\"noopener\">first blog<\/a>, we introduced the concept of Exploitable Path and its importance. The conclusion was that a vulnerability in a library is considered exploitable when:<\/p>\n<ul>\n<li>The vulnerable method in the library needs to be called directly or indirectly from a user\u2019s code.<\/li>\n<li>An attacker needs a carefully crafted input to reach this method and trigger the vulnerability.<\/li>\n<\/ul>\n<p>In the <a href=\"https:\/\/checkmarx.com\/blog\/exploitable-path-how-to-solve-a-static-analysis-nightmare\/\" target=\"_blank\" rel=\"noopener\">second blog<\/a>, we discussed some of the challenges in developing such a feature, and our unique approach. Mainly:<\/p>\n<ul>\n<li>Using a query language over the <a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\" target=\"_blank\" rel=\"noopener\">CxSAST<\/a> engine for the abstraction of queries over source code. This allows a more language-agnostic approach, so that Exploitable Path works for every programming language supported by CxSAST.<\/li>\n<li>We walked through the various CxSAST queries that are required to build a full call graph of a user\u2019s source code and its libraries\u2019 source code. 
By crossing it with vulnerability data, we can tell whether a vulnerability is exploitable or not.<\/li>\n<\/ul>\n<p>In this last blog in the series, we will cover more advanced topics we faced during the development of Exploitable Path.<\/p>\n<h2 class=\"article-anchor\" id=\"article-anchor-1\">Challenge no. 1 \u2013 Supporting Multiple Library Versions<\/h2>\n<p>The public data on a CVE usually contains affected versions, but how can we use this information to support Exploitable Path across versions? Meaning, if the source code of a library changes between various versions, how can we have the required data for Exploitable Path for each of those versions?<br>\nLet\u2019s assume we have a user\u2019s source code that uses a single open-source library. This library contains a vulnerability, and using <a href=\"https:\/\/cve.mitre.org\/\" target=\"_blank\" rel=\"noopener\">Mitre<\/a>, we can figure out the affected versions.<br>\nTo be able to assess if the vulnerability is exploitable, we need the following for each version of the library:<\/p>\n<ul>\n<li>A call graph of the library\u2019s code. This can be done automatically using CxSAST.<\/li>\n<li>Is the current version vulnerable?\n<ul>\n<li>If it is, the inner method in which the exploitation occurs is required.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Now the question is, \u201chow can we find this inner method for each vulnerable version\u201d? Going over each version manually is not practical, especially since a library can have hundreds of versions.<br>\nThe first part of the solution is to find the inner method that\u2019s vulnerable. Usually, a vulnerability is tied to a specific method (or methods) responsible for a certain piece of logic. Pull requests and commits for the relevant CVE help our analysts uncover the relevant method.<br>\nNext, we generate a fingerprint of the fix \u2013 if a version contains the fix, we can mark it as not vulnerable to this CVE. 
This is where our powerful static code analysis tool comes into play again, making it easy to re-assess hundreds of library versions for the vulnerability.<br>\nRe-assessing the affected versions of a vulnerability is crucial. As it turns out, this data on public websites like <a href=\"https:\/\/cve.mitre.org\/\" target=\"_blank\" rel=\"noopener\">Mitre<\/a> is often not precise. Versions that are marked as vulnerable can be safe and vice versa. This can be the result of human error, or even a slight difference in the version tags between the public registry and the git repository on which the library is developed. By searching for the fingerprint of the fix, we can ensure the quality and accuracy of our vulnerability data.<br>\nUsing the in-depth analysis process, the vulnerable method is marked for every affected version, eventually resulting in a very accurate Exploitable Path scan.<\/p>\n<h2 class=\"article-anchor\" id=\"article-anchor-2\">Challenge no. 2 \u2013 Data Flow<\/h2>\n<p>Just because your code calls a vulnerable method, that doesn\u2019t mean you are automatically at risk. To assess the risk properly (and avoid false positives), it\u2019s crucial to have both a call graph and a DFG (Data Flow Graph) of the code.<br>\nLet\u2019s start with an example, and assume that a method called <em>parse(content)<\/em> has a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Denial-of-service_attack\" target=\"_blank\" rel=\"noopener\">DoS<\/a> (Denial of Service) vulnerability given the right input. If <em>parse()<\/em> is only called with a constant value, meaning <em>parse(CONSTANT_VALUE)<\/em>, there is no attack surface for an attacker to exploit it and cause a DoS. On the other hand, if a user of the application controls the input parameter of <em>parse()<\/em>, it\u2019s a different story. For example, this input can be a comment or other data provided by the user. 
In such a case, the attacker can easily craft the required input and exploit the vulnerability.<br>\nThe reality is more complex, as there are various ways data can be transferred in code:<\/p>\n<ul>\n<li>Input parameters<\/li>\n<li>Global or class members<\/li>\n<li>The return value of another method invocation<\/li>\n<\/ul>\n<p>Also, not every piece of data that reaches a method is needed for exploitation. For example, a method <em>parseRequest(HttpRequest request, Config config)<\/em> can be exploitable using only the <em>HttpRequest.Content<\/em> member of the request parameter.<br>\nNow we understand the importance, but how do we incorporate the DFG in the process of assessing a vulnerability? To be more specific, how can we know that a vulnerability is exploitable from a data flow point of view?<br>\nFirst, we use CxSAST to build a DFG. We start at the vulnerable method and trace back the origin of each data point. Eventually we\u2019ll reach one of the following cases:<\/p>\n<ul>\n<li>A constant value. This is not exploitable, of course.<\/li>\n<li>An input parameter of a method that is not called by other methods. This is a potential data flow compromise, as in the context of the static code scan, we don\u2019t know how the method is invoked.<\/li>\n<li>An internal method of the language is called, such as fopen() in Python.<\/li>\n<li>A method of a different library is called, and its source code is not available.<\/li>\n<\/ul>\n<p>The last two cases are the most interesting ones, and we handle them with two complementary approaches:<\/p>\n<ul>\n<li>As a rule of thumb, mark those methods as a potential data flow compromise, since the inner implementation is unknown.<\/li>\n<li>Mark specific methods as definite data flow compromises. For example, reading contents from a database pipe file. 
The same goes for parsing HTTP packets, pulling a message from a message queue, etc.<\/li>\n<\/ul>\n<p>These two approaches are the basis for DFG support in assessing a vulnerability for exploitability.<\/p>\n<h2 class=\"article-anchor\" id=\"article-anchor-3\">Summary<\/h2>\n<p>In this blog we covered two additional advanced topics in Exploitable Path. We started with the problem of supporting various library versions, and how this is solved using the in-depth analysis process. Then, we discussed the integration of DFG in the vulnerability evaluation process, and how to backtrack the flow of data in the code.<br>\nWith <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\" target=\"_blank\" rel=\"noopener\">CxSCA<\/a>, Checkmarx enables your organizations to address open-source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so you can deliver secure software faster and at scale. For a free demonstration of CxSCA, please contact us <a href=\"https:\/\/checkmarx.com\/request-a-demo\/?utm_source=blog&amp;utm_medium=direct&amp;utm_campaign=exploitable-path-advanced-topics\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>This is the third and final blog on Exploitable Path \u2013 a unique feature that allows our customers to prioritize vulnerabilities in open-source libraries. In the first blog, we introduced the concept of Exploitable Path and its importance. The conclusion was that a vulnerability in a library is considered exploitable when: The vulnerable method in [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":54316,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[233,311,334,178,179],"class_list":["post-46616","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-cxsast","tag-cxsca","tag-exploitable-path-analysis","tag-sca","tag-software-composition-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Exploitable Path \u2013 Advanced Topics - Checkmarx.com<\/title>\n<meta name=\"description\" content=\"With CxSCA, Checkmarx enables your organizations to address open-source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so you can deliver secure software faster and at scale.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploitable Path \u2013 Advanced Topics\" \/>\n<meta property=\"og:description\" content=\"With CxSCA, Checkmarx enables your organizations to address open-source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so you can deliver secure software faster and at scale.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-24T07:58:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-16T08:49:30+00:00\" \/>\n<meta name=\"author\" content=\"Alex Livshiz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Exploitable Path \u2013 Advanced Topics\" \/>\n<meta name=\"twitter:description\" content=\"With CxSCA, Checkmarx enables your organizations to address open-source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so you can deliver secure software faster and at scale.\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex Livshiz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\"},\"author\":{\"name\":\"Alex Livshiz\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/d9c679770d93d960ee90b422cff9a160\"},\"headline\":\"Exploitable Path \u2013 Advanced Topics\",\"datePublished\":\"2021-03-24T07:58:14+00:00\",\"dateModified\":\"2024-08-16T08:49:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\"},\"wordCount\":1131,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/03\/Website-1024x512-4.png\",\"keywords\":[\"CxSAST\",\"CxSCA\",\"Exploitable Path Analysis\",\"SCA\",\"Software Composition Analysis\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\",\"name\":\"Exploitable Path \u2013 Advanced Topics - Checkmarx.com\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/03\/Website-1024x512-4.png\",\"datePublished\":\"2021-03-24T07:58:14+00:00\",\"dateModified\":\"2024-08-16T08:49:30+00:00\",\"description\":\"With CxSCA, Checkmarx 
enables your organizations to address open-source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so you can deliver secure software faster and at scale.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exploitable-path-advanced-topics\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/03\/Website-1024x512-4.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/03\/Website-1024x512-4.png\",\"width\":1024,\"height\":512},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\
/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/d9c679770d93d960ee90b422cff9a160\",\"name\":\"Alex Livshiz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_29.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_29.jpg\",\"caption\":\"Alex Livshiz\"},\"url\":\"https:\/\/checkmarx.com\/author\/alex\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/46616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=46616"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/46616\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/54316"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=46616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=46616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=46616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}