Product Security
Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian
Tom Eston | Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Embedded Systems, Episodes, firmware, firmware security, Greatest Hacks, Information Security, Infosec, Internet, Internet of things, iot, Paul Asadoorian, Pauldotcom, Pauls Security Weekly, Podcast, Podcaster, Podcasts, Privacy, Product, Product Security, security, Security Podcasts, Security Weekly Podcast, security-weekly, technology, Weekly Edition
Paul Asadoorian, OG security podcaster and host of the popular Paul’s Security Weekly podcast, joins us in this episode to talk about his career as one of the original security podcasters. Paul’s ...
Two Key New Features in CodeSonar
CodeSonar 7.3 is available to all customers under current support and maintenance agreements and, as always, GrammaTech highly recommends that users upgrade to the latest release. The release notes provide a great ...
Dynamic Linking Injection and LOLBAS Fun
LoadLibrary and LoadLibraryEx are how Windows applications load shared libraries at runtime. Praetorian recently tested a .NET web application that unsafely passed user input into LoadLibrary ...
SAST Tools Must Support Your Embedded Operating Systems, Toolchains & Compilers – Choose Wisely
Embedded software development is closely tied to the development platform used. Whether it’s bare metal development, commercial RTOS or embedded Linux, the toolchain is an important component in software development. It’s ...
Web3 Trust Dependencies: A Closer Look at Development Frameworks & Tools
emmaline | economy of trust, framework, framework security, Product Security, smart contracts, trust dependencies, Vulnerability Research, Web3
In the world of headline-grabbing smart contract exploits, developers and other stakeholders often skew their security attention in one direction; namely, they tend to focus on on-chain code, yet often neglect framework ...
Instrumenting an Automotive Module for Bench Testing
Finding vulnerabilities, hacks, exploits, and full root access are goals for security engineers when they begin to assess a device, right? But when working with hardware, you cannot simply dive into the ...
Assessment of an Ecosystem: The importance of end to end, holistic testing
Expanded interaction between cloud-hosted and on-premise components has contributed to the increased complexity of companies’ tech stacks. As this and other cyber technologies evolve, so do the associated cybersecurity concerns. Traditional penetration ...
Safeguarding Memory in Higher-Level Programming Languages
emmaline | application, Attack Surface Management, Memory Protection, Product Security, Tools & Techniques
Consider an application written in a higher-level language like Python, NodeJS, or C#. This application must handle sensitive data such as banking credentials, credit card data, health information, or network passwords. The ...
Whitebox Security Assessments: Doing More with More
emmaline | attack emulation, constraints, Findings, Product Security, Tools & Techniques, whitebox assessment
When deciding on what type of security assessment to get, an organization should consider how much information they are willing to share. Several types of assessments exist, and the key differentiator is ...