Skip to main content
Websec Logo

Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

Featured Article

Our most important cybersecurity insight

Image unavailable
Blog October 3, 2023

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.

# CVE-2015-5198 # Checkmarx # CodeQL # UNIX
Read the full article
Filtering by: Topic: CodeQL
Image unavailable
Blog October 3, 2023

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.

# CVE-2015-5198 # Checkmarx # CodeQL # UNIX
Read more
Image unavailable
Blog May 19, 2022

CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL

How CodeQL may help reduce false negatives within Open-Source projects. Taking a look into a deserialization vulnerability within Oracle Helidon (CVE-2022-21404).

# CVE-2022-21404 # CodeQL # Deserialization # Java # Oracle # SnakeYAML # YAML
Read more