Software Integrity Blog

Archive for the 'Fuzz Testing' Category

 

WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities

We discovered a WPA2 encryption bypass vulnerability (CVE-2018-18907) in a router that allows full access to a WLAN without credentials. The vendor has released a patch for the device.

Continue Reading...

Posted in Fuzz Testing

 

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn […]

Continue Reading...

Posted in Developer Enablement, Fuzz Testing

 

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process. This is an advanced technical tutorial, and you will need some background […]

Continue Reading...

Posted in Developer Enablement, Fuzz Testing

 

How to break car kits with Bluetooth fuzz testing

How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.

Continue Reading...

Posted in Automotive Security, Fuzz Testing

 

Debunking the top 5 Defensics fuzz testing myths

Written in coordination with Chris Clark, Defensics product manager Over the last year, we’ve noticed a rise in Defensics myths. Admittedly, this doesn’t surprise me. Myths abound in technology markets, where facts and figures often stand in contrast to conventional wisdom, and the fuzz testing market is a particularly challenging one to navigate. I suspect […]

Continue Reading...

Posted in Fuzz Testing

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Continue Reading...

Posted in Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Static Analysis (SAST), Web Application Security

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Continue Reading...

Posted in Fuzz Testing, Software Architecture and Design

 

How to proactively protect IoT devices from DDoS attacks

Last October, a distributed denial-of-service (DDoS) attack by the name of Mirai brought popular websites such as Netflix, Spotify, Twitter, SoundCloud, and more to their knees. Now, nearly a year later, Mirai is a distant memory, but we may not have seen the worst of Internet of Things (IoT) DDoS attacks. Security researchers at cyber […]

Continue Reading...

Posted in Fuzz Testing

 

What you need to know about BlueBorne Bluetooth flaws

As of Sept. 12, 2017, much of the code vulnerable to BlueBorne Bluetooth attacks remains unpatched. Learn what you can do to secure your code.

Continue Reading...

Posted in Fuzz Testing, Internet of Things, Static Analysis (SAST)

 

Synopsys finds 3 Linux kernel vulnerabilities

In a recent open source hackathon, we found a remote DoS vulnerability (CVE-2017-7645), a lack of buffer checks (CVE-2017-7895), and another remote DoS vulnerability (CVE-2017-8797). Learn more about these Linux kernel vulnerabilities and how we found them. At Synopsys, our R&D teams routinely organize internal hackathons to verify the Synopsys Software Integrity Portfolio’s performance in […]

Continue Reading...

Posted in Fuzz Testing, Open Source Security