After winning DEF CON's annual Capture The Flag (CTF) competition five of the last seven years, the Plaid Parliament of Pwning (PPP) returns as the reigning champions under very different conditions because of COVID-19. How is the team preparing?
In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online. On April 1, Neel Mehta of Google disclosed (privately) an exploitable vulnerability to OpenSSL that would be..
ForAllSecure has launched an original podcast focused on hackers that’s available on Apple and Google (with more options to come). The Hacker Mind is a narrative style podcast, meaning we’ll be able to dig deep into subjects by interviewing more than one expert. And it’s hosted by Robert Vamosi, a CISSP and award-winning journalist and..
Continuing the discussions started at our successful FuzzCon event held earlier this year, ForAllSecure is hosting a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair). Our second episode is hosted by Matt Venditto, VP for Federal Sales at ForAllSecure, and covers topics related to federal software systems. Guests..
Following a successful FuzzCon event held in person at RSAC in San Francisco earlier this year, ForAllSecure is continuing the discussion with a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair). The first episode is designed to be an introduction to fuzzing. It is hosted by Chelsea Mastilak, Corporate & Field..
Last month Guido Vranken hosted a successful Reddit AMA, sharing insight on his experience as a professional vulnerability researcher. Top questions from Reddit included what advice he had for someone looking to make money from vulnerability research, his process for hacking, and what advice he had specifically for someone heading off to..
There are several benefits to using Static Analysis Security Testing (SAST) for your software security. Having previously worked at Coverity (now Synopsys), I’m intimately familiar with the arguments in favor of using SAST. While there have been a lot of successes (such as adoption in the OSS community through Coverity SCAN), I’ve also seen..
Leaders proactively mitigate risk. One large risk they can mitigate is being blindsided by an unknown software vulnerability. Attackers who find an unknown vulnerability can potentially exploit all of an agency’s systems. When agency IT teams find a vulnerability first, they can make sure it is fixed or remediated before an attack occurs. With..
On February 24, 2020, ForAllSecure competed in the RSA Innovation Sandbox (ISB) as a Top 10 Finalist. The opportunity to compete has been an extreme honor because the annual event is deemed the Oscars of cybersecurity. RSA explains that the purpose of the competition is to “bring out cybersecurity’s boldest new innovators who have made it..
Fuzz testing is an effective technique for uncovering serious defects in software. From the Heartbleed vulnerability in 2014 to the infamous Jeep Cherokee hacking in 2015, fuzz testing is the technique that has made many high-profile discoveries possible. Consistently, fuzzing is proven to be a powerful tool for ensuring the safety, security,..