Dominik 'disconnect3d' Czarnota, Author at Security Boulevard

Hot Topics

Scaling Application Security With Application Security Posture Management (ASPM)
Crunching Some Numbers on PHP Support
Google Chrome DBSC Protection Tested Against Cookie Attacks
What is SOC 2 Compliance Audit?
The Dark Side of EDR: Repurpose EDR as an Offensive Tool

Typos that omit security features and how to test for them

Dominik 'disconnect3d' Czarnota | April 20, 2023 | audits, Mitigations

By Dominik ‘disconnect3d’ Czarnota During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, found, and fixed twenty C and C++ bugs on GitHub with this same pattern. Here is a list ... Read More

Trail of Bits Blog

How to check if a mutex is locked in Go

Dominik 'disconnect3d' Czarnota | June 9, 2020 | Go

TL;DR: Can we check if a mutex is locked in Go? Yes, but not with a mutex API. Here’s a solution for use in debug builds. Although you can Lock() or Unlock() a mutex, you can’t check whether it’s locked. While it is a reasonable omission (e.g., due to possible ... Read More

Trail of Bits Blog