Top Takeaways from the “Knowing the Unfuzzed and Finding Bugs with Coverage Analysis” Webinar

The adoption of fuzzing has resulted in vulnerabilities being found and fixed at scale. Although it is known for a number of its benefits never seen before in other application security testing techniques, advanced users have eventually come across two key questions: 

Uncovering OpenWRT remote code execution (CVE-2020-7982)

Introduction

For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries out of the box without recompilation, and manual inspection of code.

ForAllSecure's Response to COVID-19

COVID-19 is a global pandemic that affects everyone. We all need to work together, and I wanted to share with you some of the things ForAllSecure is doing.

Top 3 Trends at Shmoocon 2020

On January 31, 2020, Shmoocon held their annual conference in Washington D.C. Each year, the event offers a glimpse into the upcoming trends of the year, defined by the needs of the federal industry. Outlined below are the top three trends observed by our ForAllSecure engineers.

Top 3 Webinar Takeaways: “Continuous Fuzzing: The Trending Security Technique Among Silicon Valley’s Tech Behemoths”

Over the last decade, there’s been an uptick in progressive Silicon Valley tech behemoths adopting an application security testing technique called continuous fuzzing. While effective, fuzzing largely remains a hidden secret to the larger developer and security communities.

Uncovering Vulnerabilities in Open Source Libraries

Introduction

In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, Das U-Boot, and more. In this post, we will follow up on a prior article on using Mayhem to analyze..

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

Introduction

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries.

ForAllSecure Uncovers Critical Vulnerabilities in Das U-Boot

Introduction

This summer, I utilized ForAllSecure Mayhem, a next-generation fuzz testing solution, to analyze software that is heavily used. I felt these types of components in particular deserve more scrutiny from a security perspective. It is often believed that software that is frequently reused is more secure, because it has been reviewed..

Will Autonomous Security Kill CVEs?

How many potholes did you encounter on your way into work today? How many of them did you report to the city?

Software Is Infrastructure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats. Unfortunately, a lot of the solutions focus on dealing with the symptoms of our current..
