Hot Topics

Static Analysis

Security flaws in an SSO plugin for Caddy

| | attacks, audits, Dynamic Analysis, Exploits, Go, Mitigations, Program Analysis, Semgrep, Static Analysis
By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...
Trail of Bits Blog

Top Considerations in Mastering SAST

| | CodeSonar, DevSecOps adoption, GrammaTalk, SAST, shift left, Static Analysis
Actions to Introduce Application Security in DevSecOps Developers are busy and introducing new tools or new processes is often met with resistance, and rightfully so. This is compounded when developers don’t understand ...
GrammaTalk | Grammatech
Top Considerations in Mastering SAST

Top Considerations in Mastering SAST

| | CodeSonar, DevSecOps adoption, SAST, shift left, Static Analysis
Actions to Introduce Application Security in DevSecOps ...
Blog

Working on blockchains as a Trail of Bits intern

| | blockchain, Static Analysis, Uncategorized, Working at Trail of Bits
By Vara Prasad Bandaru Earlier this year, I successfully completed my internship at Trail of Bits and secured a full-time position as a Blockchain Security Analyst. This post is not intended to ...
Trail of Bits Blog
DEF CON 29 Red Team Village - Panel - The future of AI, Machine Learning, and Offensive Security

Secure your machine learning with Semgrep

| | machine learning, Research Practice, Static Analysis
By Suha Hussain tl;dr: Our publicly available Semgrep ruleset now has 11 rules dedicated to the misuse of machine learning libraries. Try it out now! Picture this: You’ve spent months curating images, ...
Trail of Bits Blog
Magnifier: An Experiment with Interactive Decompilation

Magnifier: An Experiment with Interactive Decompilation

| | Internship Projects, Program Analysis, Static Analysis
By Alan Chang Today, we are releasing Magnifier, an experimental reverse engineering user interface I developed during my internship. Magnifier asks, “What if, as an alternative to taking handwritten notes, reverse engineering ...
Trail of Bits Blog
Shedding smart contract storage with Slither

Shedding smart contract storage with Slither

| | blockchain, Slither, Static Analysis, Uncategorized
By Troy Sargent, Blockchain Security Engineer You think you’ve found a critical bug in a Solidity smart contract that, if exploited, could drain a widely used cryptocurrency exchange’s funds. To confirm that ...
Trail of Bits Blog
Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain

Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain

| | Application Security, Artificial Intelligence, Attack Chains, Attack Surface Management, Chariot, Findings, IoT Security, Multi-Vector Attacks, people, security insights, Severity, Static Analysis, Vulnerability Research
Praetorian’s approach to cybersecurity centers around a core belief that combining innovative technologies and the best people in the business leads to real results. In our experience, neither can fully solve cybersecurity ...
Blog - Praetorian
Amarna: Static analysis for Cairo programs

Amarna: Static analysis for Cairo programs

| | cryptography, Static Analysis
By Filipe Casal We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in ...
Trail of Bits Blog
Towards Practical Security Optimizations for Binaries

Towards Practical Security Optimizations for Binaries

| | attacks, Exploits, reversing, Static Analysis
By Michael D. Brown, Senior Security Engineer To be thus is nothing, but to be safely thus. (Macbeth: 3.1) It’s not enough that compilers generate efficient code, they must also generate safe ...
Trail of Bits Blog
Load more