Collaborate Disseminate
This is conceptual I know so let me know if there’s a better place to ask this. I’m wondering how people can view a piece of code in a repo they aren’t familiar with, or simply didn’t write, and connect it to specific user-input point like… Continue reading How do you connect a piece of code in a repo to an actual user-input point in an app?
I am working on security analysis of jwt python libraries. I want to analyze how the libraries work and how they were used in development. Not the source code. Also I have to check the jwt libraries against known attacks like:
None algori… Continue reading How to perform security analysis of jwt authentication libraries
I am using python to create a security testbed program. There is a recorded audio file and in it attacking is happening. I am able to read the audio file and got a result in digital. The audio file is stereotyped and it has two channels le… Continue reading how to detect a threat in a signal processing?
I am planning to purchase a security tool like fortify, or sonarqube or snyk.
How do you evaluate if the scanner really picks up static vulnerabilities and malware, as well runtime attacks?
Any good docker image sample which contains good … Continue reading How do you test security tools
I am learning smart contract programming on Ethereum (using Solidity) and realizing that security is highly important here. Why? Because of 2 reasons: they deal with high-stake financial transactions, and smart contracts are immutable once… Continue reading How is "Smart Contract" security different?
A static analysis of an iOS application on MobSF showed a warning that SYMBOLS STRIPPED is set to false. Can anyone please explain what this setting means and if it is a significant issue that warrants an action?
Continue reading What is SYMBOLS STRIPPED in iOS application? [closed]
Last year Intel released a white paper on a joint research effort with Microsoft concerning the possibility to perform malware analysis by converting a file to an image and then applying a deep neural network model on it.
In the said white… Continue reading Pixel File Size in STAMINA [closed]
A recent blog post, “Automotive software defects”, from Phil Koopman, Carnegie Mellon professor and author of “Better Embedded Software”, talks about increasing number of software defects in automotive software that are significant safety hazards…. Continue reading Automotive Software Safety and Security Still Needs Improvement
I have installed Fortify latest version(20.2) in my Agent and trying to run scan in pipeline(Azure DevOps). THe scans are working fine but when Im trying to upload the FPR file it throws the below error.
Error:
fortifyclient uploadFPR -url… Continue reading Fortify Static Scan – Upload FPR throws Access Denied [closed]
Over the years we have seen our customers “shifting left” to take advantage of building in security versus testing for security later in the lifecycle. As advanced SAST tools such as CodeSonar mature, we see that our customers are interested in th… Continue reading GrammaTech Releases CodeSonar 6.0 with Improved Analysis, Visualization, Reporting and Unified Java Analysis