Static Analysis
Secure your machine learning with Semgrep
By Suha Hussain tl;dr: Our publicly available Semgrep ruleset now has 11 rules dedicated to the misuse of machine learning libraries. Try it out now! Picture this: You’ve spent months curating images, ...
Magnifier: An Experiment with Interactive Decompilation
By Alan Chang Today, we are releasing Magnifier, an experimental reverse engineering user interface I developed during my internship. Magnifier asks, “What if, as an alternative to taking handwritten notes, reverse engineering ...
Shedding smart contract storage with Slither
By Troy Sargent, Blockchain Security Engineer You think you’ve found a critical bug in a Solidity smart contract that, if exploited, could drain a widely used cryptocurrency exchange’s funds. To confirm that ...
Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain
Praetorian’s approach to cybersecurity centers around a core belief that combining innovative technologies and the best people in the business leads to real results. In our experience, neither can fully solve cybersecurity ...
Amarna: Static analysis for Cairo programs
By Filipe Casal We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in ...
Towards Practical Security Optimizations for Binaries
By Michael D. Brown, Senior Security Engineer To be thus is nothing, but to be safely thus. (Macbeth: 3.1) It’s not enough that compilers generate efficient code; they must also generate safe ...
Toward a Best-of-Both-Worlds Binary Disassembler
By Stefan Nagy This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem ...
The invisible C# code
Static Analysis of (the Invisible) C# Sources (image from https://docs.microsoft.com/). Does your static analysis tool see the C# source underlying your C# source? I am a compiler engineer at ShiftLeft, the designer and (main) implementor of ...
Integrations are Key to Success in DevSecOps for Embedded Development
The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and functional safety of embedded software applications ...
SAST and Unit Testing are a Perfect Match: CodeSonar and VectorCAST Integration
VectorCAST is an embedded software testing platform from Vector Informatik that supports the creation and management of test assets to help software developers validate software requirements. VectorCAST measures code coverage with automated ...