Static Analysis tool CodeSonar

How Sound Static Analysis Complements Heuristic Analysis

Wednesday, September 18, 2019

Not all static analysis tools work the same, there are in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very sophisticated abstract interpretation-like algorithms that reason about potential executions. Each approach has its strengths and weaknesses and often tools, like GrammaTech CodeSonar, use a combination …

software security - DevSecOps

Tainted Data and Format String Attack Strike Again

Monday, September 09, 2019

A recent code execution vulnerability (we also call this a code injection vulnerably) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes and in particular, certain versions of the software running on these products, PAN-OS. The vulnerability was discovered by security researchers Orange Tsai and Meh Chang and documented on their blog. …