
Parsing code. Photo by Markus Spiske on Unsplash: https://unsplash.com/photos/hvSr_CVecVI

Parse and Conquer

Why Asserts uses Parser combinators

As you might have noticed, at Fluid Attacks we like parser combinators, functional programming, and, of course, Python. In the parser article, I showed you the essentials of Pyparsing and we also showed how to leverage its power to find SQL injections in a PHP application. Here we will extend …




Git on steroids

From messy logs to Data Analytics

There is a universal law that anyone in the tech world should know: If you ask a programmer to do something, he/she will do it their way. Even though creativity, abstract thinking, and putting your signature in your source code is a fundamental part of programming, sometimes it also …




Gherkin on steroids

How to document detailed attack vectors

In the field of information security, finding all vulnerabilities is as important as reporting them as soon as possible. For that, we need an effective means to communicate with all stakeholders. We have proposed before using Gherkin. In that entry, we showed how to use Gherkin's syntax in order …




Is your app in a pickle?

Documenting vulnerabilities with gherkin

Gherkin is a simple language that can be used for software documentation and testing. It can be thought of as a tool for communication between stakeholders and developers which helps minimize misunderstandings and regressions through precision in the definition of use-case scenarios. Figure 1. Behaviour-driven...




Symbolic execution for mortals

What is it and how it works

In 2003, the Defense Advanced Research Projects Agency (DARPA) announced the Cyber Grand Challenge, a two-year competition seeking to create automatic systems for vulnerability detection, exploitation, and patching in near real time, which brought quite a big and complex task to the table. With this task symbolic...


