Static Analysis
Adversarial Oracles: LLM-Guided EDR Signature Reduction
Michelle Rhodes | adversarial, AI Security, Offensive Security, open source, Red Team, Static Analysis, Tools & Techniques
In previous blog posts we’ve talked about getting nerd sniped. Today we’re going to talk about a kind of nerd sniping that any offensive security tool creator is familiar with; when your ...
Security Degradation in AI-Generated Code: A Threat Vector CISOs Can’t Ignore
Matias Madou | AI coding assistants, AI safety research, AI-generated code vulnerabilities, CISO priorities, code security study, developer upskilling, DevSecOps and AI, feedback loop security, Human/AI collaboration, iterative code degradation, LLM security risks, secure by design, Secure SDLC, Static Analysis, vulnerability introduction
A new study shows LLMs introduce more vulnerabilities with each code iteration, highlighting critical risks for CISOs and the need for skilled human oversight ...
Security Boulevard
Radix-ST for Static Security Analysis
Cycuity recently expanded the Radix family with the introduction of Radix-ST, adding static security analysis capabilities to our hardware security verification solutions. This addition strengthens security assurance by complementing existing dynamic ...
Using SAST and MISRA Memory Safety Standards to Prevent the Next CrowdStrike Debacle
The Problem: A common coding error in a CrowdStrike Falcon update caused critical system outages around the world starting on Friday, July 19th, 2024. The culprit? A Null Pointer Dereference (also known as CWE-476) in a ...
Streamline your static analysis triage with SARIF Explorer
By Vasco Franco Today, we’re releasing SARIF Explorer, the VSCode extension that we developed to streamline how we triage static analysis results. We make heavy use of static analysis tools during our ...
Relishing new Fickling features for securing ML systems
By Suha S. Hussain We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, ...
Circomspect has been integrated into the Sindri CLI
By Jim Miller Our tool Circomspect is now integrated into the Sindri command-line interface (CLI)! We designed Circomspect to help developers build Circom circuits more securely, particularly given the limited tooling support ...
2024 Trends Affecting Software Product Security
Deb Radcliff | CodeSonar, predictions, SBN News, software supply chain, Static Analysis, TalkSecure
The post 2024 Trends Affecting Software Product Security appeared first on CodeSecure ...
Say hello to the next chapter of the Testing Handbook!
By Fredrik Dahlgren Today we are announcing the latest addition to the Trail of Bits Testing Handbook: a brand new chapter on CodeQL! CodeQL is a powerful and versatile static analysis tool, ...