# Zero false positives

Expert intelligence + effective automation

• Comprehensive security testing at DevOps speed
• SAST - DAST - IAST - SCA - DevSecOps
• Attacking Web, APIs, mobile apps, Servers, Networks, IoT Devices

# Quantitative Python

Risk management with Python

Now that we have an understanding of risk concepts such as the loss exceedance curve, value-at-risk, Bayes Rule, and fitting distributions, we would like to have a realiable, extensible and preferably open tool to perform these computations. In the background, we have used a spreadsheet, which is hard to extend …

# Para bellum

Prepare for the worst risk

"Si vis pacem, para bellum", goes the old adage. If you want peace, prepare for war. In our case, the worst possible risky scenario our information assets could go into. While probability distributions, loss exceedance curves, simulated scenarios, etc, are all great for the quants in the office, at the …

# Hit or miss

Estimating attack probability

One of the main obstacles against adopting a quantitative approach to risk management is that since major security breaches are relatively rare and hence, there cannot be enough data for proper statistical analysis. While this might be true in the classical sense, it is not if we adopt a Bayesian …

How Bayes Rule affects risk

Usually, changing our beliefs is seen as a negative thing. But when those beliefs represent our state of uncertainty regarding a particular cybersecurity risk, you’d better use all the tools at hand to reduce that uncertainty, i.e., measuring. Why do we speak of "belief" and not "probability" here …

# Monetizing vulnerabilities

From probabilites to dollars and cents

In our previous article, we merely scratched the surface of the problem that quantifying risks poses, barely touching on concepts such as calibrated estimation, confidence intervals and specifying the measuring object. Now that (if?) we are convinced that: Cybersecurity risk can and should be measured in...

# Quantifying risk

From color scales to probabilities and ranges

One of the least understood parts of a vulnerability is the risk it poses to the target. On the tester side, we tend to confuse them with the threat, the attack vector and the actor. On the client side, it tends to get confused with impact and occurrence likelihood, due …

# Binary learning

Learning to exploit binaries

While our main focus, as stated previously, is to apply machine learning (ML) techniques to the discovery of vulnerabilities in source code, that is, a white-box approach to ML-guided hacking, we’ve come across an interesting approach called VDiscover, which is radically different in the following sense: Works on …

# Deep Hacking

Deep learning for vulnerability discovery

If we have learned anything so far in our quest to understand how machine learning (ML) can be used to detect vulnerabilities in source code, it’s that what matters the most in this process are the different representations of source code which are later fed to the actual ML …

# The anomaly serial killer doll

Hunting missing checks with anomaly detection

In our previous article we focused on taint-style vulnerabilites, i.e., those that are essentially due to the lack of input sanitization which allows tainted, user-controlled data to reach sensitive functions. Some of these arise due to missing checks in code, such as: failure to check authentication, authorization...

# Exploiting code graphs

Mining graph representations for vulnerabilities

As we have seen in our previous revision article, probably the most interesting and successful approach to automated vulnerability detection is the pattern-based approach. Since we expect to extract meaningful patterns from the code, we also need a "comprehensive and feature-rich representation"[1] of it. Other...

# Crash course in machine learning

A survey of machine learning algorithms

In this article we clarify some of the undefined terms in our previous article and thereby explore a selection of machine learning algorithms and their applications to information security. This is not meant to be an exhaustive list of all machine learning (ML) algorithms and techniques. We would like, however …

# Machine-learning to hack

Machine learning for vulnerability discovery

To date the most important security vulnerabilities have been found via laborius code auditing. Also, this is the only way vulnerabilities can be found and fixed during development. However, as software production rates increase, so does the need for a reliable, automated method for checking or classifiying this code in …