
Pars orationis non est secura

Using parser combinators to detect flaws
Author: Rafael Ballestas | Category: attacks | Tags: detect, injection, scanner

We like bWAPP around here, because it’s very buggy! We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common: they could have been prevented with a little input validation …




The Oracle of Code

About code as data
Author: Rafael Ballestas | Category: attacks | Tags: testing, application, detect

“Most programs are too large to understand in complete detail.” This was written in the 80s.[1] Imagine the situation today. Hence the need for automated tools to aid in the process of analyzing code. The solution, according to Oege de Moor from Semmle, is obvious: treat code as …




Will machines replace us?

Automatic detection vs manual detection
Author: Andres Cuberos | Category: philosophy | Tags: application, detect, vulnerability, scanner

More than 20 years have passed since Garry Kasparov, the chess world champion, was defeated by Deep Blue, the supercomputer designed by IBM. For many people, that event was proof that machines had managed to exceed human intelligence [1]. This belief raised many doubts and concerns regarding technological advance, that …


