Further down code2vec

Vector representations of code

Let us continue with our series on representing objects as vectors, such as natural language and code, and take a deeper look at how code2vec works. Even personality profiles can be represented as vectors...




Embedding code into vectors

Vector representations of code

As we have stated over and over in the past, the most critical step in our ongoing project of building a machine learning (ML) based code classifier will be that of representing the code as...



Photo by Franck V. on Unsplash: https://unsplash.com/photos/_E1PQXKUkMw

The Vectors of Language

Distributed representations of natural language

Recall that in previous iterations we described the required steps for our code classifier to work, which can be roughly summarized as: Fetching data. Representing code as vectors. Training the...



Photo by camilo jimenez on Unsplash: https://unsplash.com/photos/vGu08RYjO-s

Triage for Hackers

Prioritize code auditing via ML

Based upon our last experiment, in this article, I will provide a global vision of how our ML for vulnerability discovery approach should work. First, what problem would this solve? I am repeating...



Photo by Rishi Deep on Unsplash: https://unsplash.com/photos/WiCvC9u7OpE

Vulnerability classifiers

A pipeline to classify vulnerable code

After our encounter with the Python machine learning ecosystem, we are now ready for a first attempt at creating a vulnerability classifier from samples of labeled code. Our objective is to...




Digression to Regression

Simple linear regression in scikit

After our risk quantification series, it should come as no surprise that we like numbers and measuring. However, when confronted with the question, "Why do you need to translate code into...




Tainted love

It's all about sanitization

In several past articles, we have briefly touched on the concept of taint analysis. In this article, we will fill in the knowledge gaps regarding taint analysis which may have resulted from our...



Photo by KP Bodenstein on Unsplash: https://unsplash.com/photos/ElQI4kGSbiw

Fool the Machine

Trick neural network classifiers

Artificial Neural Networks (ANNs) are certainly a wondrous achievement. They solve classification and other learning tasks with great accuracy. However, they are not flawless and might misclassify...



Git. Photo by Yancy Min on Unsplash: https://unsplash.com/photos/842ofHC6MaI/

Big Code

Learning from open source

In our Machine Learning (ML) for secure code series the mantra has always been the same: to figure out how to leverage the power of ML to detect security vulnerabilities in source code, regardless...



Photo by Andres Urena on Unsplash. Credits: https://unsplash.com/photos/k1osF_h2fzA

Natural Code

Natural language processing for code security

Our return to the Machine Learning (ML) for secure code series is a bit of a digression, but one too interesting to resist. It is not too far a digression though, because the Natural Language...



Parsing code. Photo by Markus Spiske on Unsplash: https://unsplash.com/photos/hvSr_CVecVI

Parse and Conquer

Why Asserts uses Parser combinators

As you might have noticed, at Fluid Attacks we like parser combinators, functional programming, and of course, Python. In the parser article, we showed you the essentials of Pyparsing and we also...




Is that CSV Secure?

Defining CSV injection vulnerabilities

A Comma-Separated Values (CSV) file is a type of file that stores tabular data, numbers and text in plain text. Each line of the file is a data record and each record consists of one or more...



