Dynamic Analysis

Introducing DIFFER, a new tool for testing and validating transformed programs

Introducing DIFFER, a new tool for testing and validating transformed programs

| | Dynamic Analysis, open source
By Michael Brown We recently released a new differential testing tool, called DIFFER, for finding bugs and soundness violations in transformed programs. DIFFER combines elements from differential, regression, and fuzz testing to ...
Trail of Bits Blog

Internet freedom with the Open Technology Fund

| | audits, Dynamic Analysis, Ecosystem Security, Engineering Practice, open source, supply chain, Uncategorized
By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
Trail of Bits Blog

Security flaws in an SSO plugin for Caddy

| | attacks, audits, Dynamic Analysis, Exploits, Go, Mitigations, Program Analysis, Semgrep, Static Analysis
By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...
Trail of Bits Blog
vulnerability curl patch

Dynamic Code Analysis: A Primer

| | Cyber Security, Dynamic Analysis, Software Testing, Static Analysis
The development of a fully optimized and secure application or software requires a wide array of testing tools and analyzers to verify the quality of the application and to make sure that ...
Security Boulevard

Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask

| | Dynamic Analysis, fuzzing, Research Practice
Imagine reducing the amount of code and time needed to test software, while at the same time increasing the efficacy of your tests and making your debugging tasks easier—all with minimal human ...
Trail of Bits Blog

Security assessment techniques for Go projects

| | Compilers, Dynamic Analysis, education, fuzzing, Go, Kubernetes, Static Analysis
The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, we’ve been adapting for Go projects some ...
Trail of Bits Blog
BSidesPhilly cg09 File Polyglottery or This Proof of Concept is Also a Picture of Cats Evan Sultanik

Two New Tools that Tame the Treachery of Files

| | darpa, Dynamic Analysis, Program Analysis, Research Practice
Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible ...
Trail of Bits Blog

Panicking the right way in Go

| | blockchain, Dynamic Analysis, Go
A common Go idiom is to (1) panic, (2) recover from the panic in a deferred function, and (3) continue on. In general, this is okay, so long there are no global ...
Trail of Bits Blog

Announcing Manticore 0.3.0

| | Dynamic Analysis, Manticore, Research Practice
Earlier this week, Manticore leapt forward to version 0.3.0. Advances for our symbolic execution engine now include: “fast forwarding” through concrete execution that you don’t care about, support for Linux binaries statically ...
Trail of Bits Blog

Fuzzing Unit Tests with DeepState and Eclipser

| | Dynamic Analysis, fuzzing, Symbolic Execution
If unit tests are important to you, there’s now another reason to use DeepState, our Google-Test-like property-based testing tool for C and C++. It’s called Eclipser, a powerful new fuzzer very recently ...
Trail of Bits Blog
Load more