Software Integrity Blog

Archive for the 'Fuzz Testing' Category

 

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

Posted in Fuzz Testing

 

How to break car kits with Bluetooth fuzz testing

How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.

Posted in Automotive Cyber Security, Fuzz Testing

 

Debunking the top 5 Defensics fuzz testing myths

Written in coordination with Chris Clark, Defensics product manager

Posted in Fuzz Testing

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge.

Posted in Fuzz Testing, Software Architecture & Design

 

How to proactively protect IoT devices from DDoS attacks

Ensure that your business-critical software is resilient enough to withstand DDoS attacks and that your IoT devices’ attack surfaces are hardened.

Posted in Fuzz Testing

 

What you need to know about BlueBorne Bluetooth flaws

As of Sept. 12, 2017, much of the code vulnerable to BlueBorne Bluetooth attacks remains unpatched. Learn what you can do to secure your code.

Posted in Fuzz Testing, IoT Security, Static Analysis (SAST)

 

Synopsys finds 3 Linux kernel vulnerabilities

In a recent open source hackathon, we found three Linux kernel vulnerabilities: CVE-2017-7645, CVE-2017-7895, and CVE-2017-8797. Here’s how we found them.

Posted in Fuzz Testing, Open Source Security

 

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency, or anyone else who knows about them, to surveil targets by activating microphones and receivers as well as eavesdropping on communications.

Posted in Fuzz Testing, Static Analysis (SAST)

 

With comparisons to Heartbleed, Cloudbleed may affect millions

The new Cloudbleed vulnerability, like Heartbleed, was discovered through routine fuzz testing and may affect 5.5 million websites and millions of users.

Posted in Cloud Security, Fuzz Testing

 

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds a Ph.D. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, Black Hat, ToorCon, GrrCON, and HITB. He is currently the co-founder of VDA Labs.

Posted in Fuzz Testing, Software Composition Analysis (SCA), Static Analysis (SAST), Web Application Security