Inside DEF CON’s Champion CTF Team PPP

After winning DEF CON's annual Capture The Flag (CTF) competition five of the last seven years, the Plaid Parliament of Pwning (PPP) returns as the reigning champions under very different conditions because of COVID-19. How is the team preparing?

The Fuzzing Files: The Anatomy of a Heartbleed

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online. On April 1, Neel Mehta of Google disclosed (privately) an exploitable vulnerability to OpenSSL that would be..

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure has launched an original podcast focused on hackers that’s available on Apple and Google (with more options to come). The Hacker Mind is a narrative style podcast, meaning we’ll be able to dig deep into subjects by interviewing more than one expert. And it’s hosted by Robert Vamosi, a CISSP and award-winning journalist and..

FuzzCon TV Tackles Federal Fuzz Testing

Continuing the discussions started at our successful FuzzCon event held earlier this year, ForAllSecure is hosting a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair). Our second episode is hosted by Matt Venditto, VP for Federal Sales at ForAllSecure, and covers topics related to federal software systems. Guests..

FuzzCon TV Launches With An Introduction to Fuzzing Panel

Following a successful FuzzCon event held in person at RSAC in San Francisco earlier this year, ForAllSecure is continuing the discussion with a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair). The first episode is designed to be an introduction to fuzzing. It is hosted by Chelsea Mastilak, Corporate & Field..

Life As A Professional Hacker

Last month Guido Vranken hosted a successful Reddit AMA, sharing insight on his experience as a professional vulnerability researcher. Top questions from Reddit included what advice he had for someone looking to make money from vulnerability research, his process for hacking, and what advice he had specifically for someone heading off to..

Challenging ROI Myths Of Software Application Security Testing (SAST)

There are several benefits to using Static Analysis Security Testing (SAST) for your software security. Having previously worked at Coverity (now Synopsys), I’m intimately familiar with the arguments in favor of using SAST. While there have been a lot of successes (such as adoption in the OSS community through Coverity SCAN), I’ve also seen..

Why fuzzing is your friend for DevSecOps

Leaders proactively mitigate risk. One large risk they can mitigate is being blindsided by an unknown software vulnerability. Attackers who find an unknown vulnerability potentially can exploit all of an agency’s systems. When agency IT teams find a vulnerability first, they can make sure it is fixed or remediated before an attack occurs. With..

Why ForAllSecure Is A 2020 RSA Innovation Sandbox Finalist

On February 24, 2020, ForAllSecure competed in the RSA Innovation Sandbox (ISB) as a Top 10 Finalist. The opportunity to compete has been an extreme honor because the annual event is deemed the Oscars of cybersecurity. RSA explains that the purpose of the competition is to, “bring out cybersecurity’s boldest new innovators who have made it..

Top 3 Technical Barriers to Fuzz Testing

Fuzz testing is an effective technique for uncovering serious defects in software. From the Heartbleed vulnerability in 2014 to the infamous Jeep Cherokee hacking in 2015, fuzz testing is the technique that has made many high-profile discoveries possible. Consistently, fuzzing is proven to be a powerful tool for ensuring the safety, security,..
