Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Photo by Rishi Deep on Unsplash: https://unsplash.com/photos/WiCvC9u7OpE

Vulnerability classifiers

A pipeline to classify vulnerable code

After our first encounter with the Python machine learning ecosystem, we are ready for a first attempt at creating a vulnerability classifier from samples of labeled code. Our objective is to...



Data and regression line, crop.

Digression to Regression

Simple linear regression in scikit

After our risk quantification series, it should come as no surprise that we like numbers and measuring. However, when confronted with the question: "Why do you need to translate code into...



Data Has A Better Idea. Photo by Stefan Steinbauer on Unsplash: https://unsplash.com/photos/1K6IQsQbizI

Vulnerabilities in deep

Deep Learning for vulnerability disclosure

Nowadays, the use of AI (Artificial Intelligence) algorithms has started to be used widely searching to solve problems from another perspective, the data. Data scientist have been working in...



Photo by KP Bodenstein on Unsplash: https://unsplash.com/photos/ElQI4kGSbiw

Fool the machine

Trick neural network classifiers

Artificial Neural Networks (ANNs) are certainly a wondrous achievement. They solve classification and other learning tasks with great accuracy. However, they are not flawless and might misclassify...



Git. Photo by Yancy Min on Unsplash: https://unsplash.com/photos/842ofHC6MaI/

Big Code

Learning from open source

In our Machine Learning (ML) for secure code series the mantra has always been the same: to figure out how to leverage the power of ML to detect security vulnerabilities in source code, regardless...



Photo by Andres Urena on Unsplash. Credits: https://unsplash.com/photos/k1osF_h2fzA

Natural code

Natural language processing for code security

Our return to the Machine Learning (ML) for secure code series is a bit of a digression, but one too interesting to resist. At the same time, it is not, since the Natural Language Processing (NLP)...



Binary machine learning. Credits: https://unsplash.com/photos/h3sAF1cVURw

Binary learning

Learning to exploit binaries

While our main focus, as stated previously, is to apply machine learning (ML) techniques to the discovery of vulnerabilities in source code, that is, a white-box approach to ML-guided hacking,...



Depiction of a deep neural network. Credits: https://unsplash.com/photos/R84Oy89aNKs

Deep Hacking

Deep learning for vulnerability discovery

If we have learned anything so far in our quest to understand how machine learning (ML) can be used to detect vulnerabilities in source code, it’s that what matters the most in this process are...



Chucky the actual serial killer doll

The anomaly serial killer doll

Hunting missing checks with anomaly detection

In our previous article we focused on taint-style vulnerabilites, i.e., those that are essentially due to the lack of input sanitization which allows tainted, user-controlled data to reach...



Screen showing source code

Exploiting code graphs

Mining graph representations for vulnerabilities

As we have seen in our previous revision article, probably the most interesting and successful approach to automated vulnerability detection is the pattern-based approach. Since we expect to...



Robot playing the piano

Crash course in machine learning

A survey of machine learning algorithms

In this article we clarify some of the undefined terms in our previous article and thereby explore a selection of machine learning algorithms and their applications to information security. This...



Can machines learn to hack?

Machine-learning to hack

Machine learning for vulnerability discovery

To date the most important security vulnerabilities have been found via laborius code auditing. Also, this is the only way vulnerabilities can be found and fixed during development. However, as...



Service status - Terms of Use