Young hacker smiling
Pythia and supplicant in the Oracle of Delphi

The Oracle of Code

About code as data
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon testing,  application,  detect

“Most programs are too large to understand in complete detail”. This was written in the 80’s.[1] Imagine the situation today. Hence the need for automated tools to aid in the process of analyzing code. The solution, according to Oege de Moor from Semmle, is obvious: treat code as …

Orion carrying Cedalion

Stand on the shoulders of giants

About software composition analysis
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon testing,  dependency,  vulnerability

In our last post, we reproduced the discovery of a vulnerability in libpng. But that is only a small library, you might say, with a very limited scope and only 556 KiB installed. However, many, many packages depend on it. To see how many packages in the Arch Linux repository …

Infinite Monkey Theorem

The infinite monkey fuzzer

Fuzz testing using American Fuzzy Lop
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon fuzzing,  application,  testing

In our last entry, we argued that fuzzing is both “dumb” and surprising. In this article, we’ll continue exploring the possibilities of fuzzing. This time though, we’ll focus on desktop application fuzzing, specifically UNIX applications written in C. When developing in C, you usually have to handle memory …

Service status - Terms of Use