Software Integrity

Archive for the 'Developer Enablement' Category

 

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn […]

Posted in Developer Enablement, Fuzz Testing

 

Tineola: Taking a bite out of enterprise blockchain

Parsia Hakimian and Stark Riedesel presented Tineola at DEF CON 26.

Enterprise blockchain platforms are one of the big questions faced by many corporations, including some of our customers. And when our customers come to us with complex problems, we take their unique situations into consideration and come up with tailored solutions. So when our […]

Posted in Developer Enablement, Red Teaming

 

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process. This is an advanced technical tutorial, and you will need some background […]

Posted in Developer Enablement, Fuzz Testing

 

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

A list that recently hit Hashes.org, with 1 million records and a low crack rate, looked like an interesting target, given that the community had recovered less than 0.5% of the hashes. On taking a closer look, we quickly found out why: Out of the box, only JtR Jumbo carries support for the XenForo hash […]

Posted in Developer Enablement

 

Power(Shell) to the people

Type less, write cleaner scripts, run consistently across platforms, and other reasons why Linux and OS X users can fall in love with PowerShell.

Posted in Developer Enablement

 

Checklist: Do your software testing tools empower your developers?

Finding and resolving security issues early in the development process saves your organization both time and money. It’s inefficient to implement solutions further along in the software development life cycle (SDLC). But addressing issues early in the process is easier said than done. The first step in improving your application security posture is choosing the […]

Posted in Developer Enablement

 

4 key differences moving from Java to .NET Core, part 1

Getting started with .NET Core? If you’re exploring C#, you’ll find it borrows much from Java. Here are a few prominent differences you should be aware of as you move from Java to .NET Core.

Posted in Developer Enablement, Open Source Security

 

Vulnerability remediation: You only have 4 options

In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other measures (compensating controls) to mitigate the risk posed by the vulnerability.

Posted in Developer Enablement, Open Source Security

 

AngularJS security series part 1: Angular $http service

Welcome to the first part in our AngularJS Security Series. Here, we’ll discuss the various solutions to write more secure applications. Our goal is simple: to help developers better understand Angular and embrace the practice of writing more secure code. – Stephen Teilhet, Lewis Ardern, & David Johansson

The AngularJS Module is the basic building block of […]

Posted in Developer Enablement

 

AngularJS is secure by default, right? Not so fast.

AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer: Google built AngularJS […]

Posted in Developer Enablement