Software Integrity Blog

Archive for the 'Fuzz Testing' Category

 

Synopsys finds 3 Linux kernel vulnerabilities

In a recent open source hackathon, we found three Linux kernel vulnerabilities: CVE-2017-7645, CVE-2017-7895, and CVE-2017-8797. Here’s how we found them.

Posted in Fuzz Testing, Open Source Security

 

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency, or anyone else who knows about them, to surveil targets by activating microphones and receivers as well as eavesdropping on communications.

Posted in Fuzz Testing, Static Analysis (SAST)

 

With comparisons to Heartbleed, Cloudbleed may affect millions

The new Cloudbleed vulnerability, like Heartbleed, was discovered through routine fuzz testing and may affect 5.5 million websites and millions of users.

Posted in Cloud Security, Fuzz Testing

 

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds a Ph.D. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, Black Hat, ToorCon, GrrCON, and HITB. He is currently the co-founder of VDA Labs.

Posted in Fuzz Testing, Software Composition Analysis (SCA), Static Analysis (SAST), Web Application Security

 

Ticketbleed: The next black swan

Ticketbleed is a software vulnerability in a feature of the TLS/SSL stack that allows a remote attacker to extract sensitive information.

Posted in Fuzz Testing, Software Composition Analysis (SCA)

 

Podcast: Billy Rios on the good and the bad of Heartbleed, Part 1

Two years after its disclosure, the vulnerability in OpenSSL known as Heartbleed remains significant. There are valuable lessons still to be learned both about how the vulnerability was initially discovered and how the security community has responded over time.

Posted in Fuzz Testing, IoT Security, Open Source Security

 

Defensics Agent Framework

During the past few months, Synopsys R&D has been busy improving the Defensics instrumentation capabilities. The focus has been on providing more powerful tools for controlling and monitoring the status of the system under test (SUT). Fuzzing is an effective testing technique, but it is sometimes hard to identify the exact test case or sequence that caused a failure in the SUT. To set up better diagnostics for the SUT and improve the flow of information from the test target to the Defensics test solution, we have developed the Defensics Agent Instrumentation Framework.

Posted in Fuzz Testing

 

Heartbleed vulnerability: What should you do?

By now, you’ve surely heard about the Heartbleed vulnerability (CVE-2014-0160) in OpenSSL 1.0.1 through 1.0.1f (inclusive). The vulnerability has been present in OpenSSL since December 2011. Many websites have discussed the details of the bug, and I will not go into the deep technical details here. I will describe the bug at a high level, and then discuss the impact of the bug and what you should do about it. In the remainder of this post, I’ll refer to “vulnerable versions of OpenSSL” as simply OpenSSL.

Overview of the Heartbleed vulnerability

Although the bug that causes the Heartbleed vulnerability is in the OpenSSL library, it has nothing to do with the SSL/TLS protocols themselves. It involves code that handles the heartbeat extension (RFC 6520) for TLS/DTLS. The heartbeat messages can be sent even before a TLS handshake is completed. RFC 6520 states:

“However, a HeartbeatRequest message SHOULD NOT be sent during handshakes… The receiving peer SHOULD discard the message silently, if it arrives during the handshake.”

Due to the use of ‘SHOULD,’ these are recommendations and not requirements. OpenSSL apparently responds to heartbeat requests even before the handshake is completed. So, even servers that require client certificates for authentication are vulnerable.

Posted in Fuzz Testing, Web Application Security