We discovered a WPA2 encryption bypass vulnerability (CVE-2018-18907) in a router that allows full access to a WLAN without credentials. The vendor has released a patch for the device.
Posted in Fuzz Testing | Comments Off on WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities
This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn how to create a data model for the Bitcoin network protocol, then use this model in the Defensics SDK to perform fuzzing on bitcoind.
Posted in Developer Enablement, Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol
This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.
Posted in Developer Enablement, Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network
How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.
Posted in Automotive Security, Fuzz Testing | Comments Off on How to break car kits with Bluetooth fuzz testing
Written in coordination with Chris Clark, Defensics product manager
Posted in Fuzz Testing | Comments Off on Debunking the top 5 Defensics fuzz testing myths
Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because of this, customers, stakeholders, and boards of directors are asking questions of development teams that they never have before. Questions like:
Posted in Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Static Analysis (SAST), Web Application Security | Comments Off on Get the latest resource helping development teams overcome widespread challenges
The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge.
Posted in Fuzz Testing, Software Architecture and Design | Comments Off on Navigating responsible vulnerability disclosure best practices
Last October, a distributed denial-of-service (DDoS) attack by the name of Mirai brought popular websites such as Netflix, Spotify, Twitter, SoundCloud, and more to their knees. Now, nearly a year later, Mirai is a distant memory, but we may not have seen the worst of Internet of Things (IoT) DDoS attacks. Security researchers at cyber threat intelligence company Check Point have been warning the public of a looming IoT botnet storm cloud ready to strike. The research group recently revealed that “a brand new Botnet, dubbed ‘IoTroop,’ [is] evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016.”
Posted in Fuzz Testing | Comments Off on How to proactively protect IoT devices from DDoS attacks
As of Sept. 12, 2017, much of the code vulnerable to BlueBorne Bluetooth attacks remains unpatched. Learn what you can do to secure your code.
Posted in Fuzz Testing, Internet of Things, Static Analysis (SAST) | Comments Off on What you need to know about BlueBorne Bluetooth flaws
In a recent open source hackathon, we found three Linux kernel vulnerabilities: CVE-2017-7645, CVE-2017-7895, and CVE-2017-8797. Here’s how we found them.
Posted in Fuzz Testing, Open Source Security | Comments Off on Synopsys finds 3 Linux kernel vulnerabilities