Trail of Bits, Author at Security Boulevard
https://securityboulevard.com/author/trail-of-bits/
The Home of the Security Bloggers Network
Feed updated: Fri, 29 Mar 2024 13:30:44 +0000

Introducing Ruzzy, a coverage-guided Ruby fuzzer
https://securityboulevard.com/2024/03/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/
Fri, 29 Mar 2024 13:30:44 +0000 | Original: https://blog.trailofbits.com/?p=107003
By Matt Schwager
Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead to denial of service, and in Ruby C extensions, they […]

The post Introducing Ruzzy, a coverage-guided Ruby fuzzer appeared first on Security Boulevard.

Why fuzzing over formal verification?
https://securityboulevard.com/2024/03/why-fuzzing-over-formal-verification/
Fri, 22 Mar 2024 13:00:28 +0000 | Original: https://blog.trailofbits.com/?p=106836
By Tarun Bansal, Gustavo Grieco, and Josselin Feist
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used formal verification methods in the […]

Streamline your static analysis triage with SARIF Explorer
https://securityboulevard.com/2024/03/streamline-your-static-analysis-triage-with-sarif-explorer/
Wed, 20 Mar 2024 13:30:45 +0000 | Original: https://blog.trailofbits.com/?p=106921
By Vasco Franco
Today, we’re releasing SARIF Explorer, the VSCode extension that we developed to streamline how we triage static analysis results. We make heavy use of static analysis tools during our audits, but the process of triaging them was always a pain. We designed SARIF Explorer to provide an intuitive UI inside VSCode, with […]

Read code like a pro with our weAudit VSCode extension
https://securityboulevard.com/2024/03/read-code-like-a-pro-with-our-weaudit-vscode-extension/
Tue, 19 Mar 2024 13:30:00 +0000 | Original: https://blog.trailofbits.com/?p=106839
By Filipe Casal
Today, we’re releasing weAudit, the collaborative code-reviewing tool that we use during our security audits. With weAudit, we review code more efficiently by taking notes and tracking bugs in a codebase directly inside VSCode, reducing our reliance on external tools, ensuring we never lose track of bugs we find, and enabling us […]

Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing
https://securityboulevard.com/2024/03/releasing-the-attacknet-a-new-tool-for-finding-bugs-in-blockchain-nodes-using-chaos-testing/
Mon, 18 Mar 2024 13:00:59 +0000 | Original: https://blog.trailofbits.com/?p=106897
By Benjamin Samuels (@thebensams)
Today, Trail of Bits is publishing Attacknet, a new tool that addresses the limitations of traditional runtime verification tools, built in collaboration with the Ethereum Foundation. Attacknet is intended to augment the EF’s current test methods by subjecting their execution and consensus clients to some of the most challenging network conditions […]

Secure your blockchain project from the start
https://securityboulevard.com/2024/03/secure-your-blockchain-project-from-the-start/
Wed, 13 Mar 2024 13:00:45 +0000 | Original: https://blog.trailofbits.com/?p=106812
Systemic security issues in blockchain projects often appear early in development. Without an initial focus on security, projects may choose flawed architectures or make insecure design or development choices that result in hard-to-maintain or vulnerable solutions. Traditional security reviews can be used to identify some security issues, but by the time they are complete, it […]

DARPA awards $1 million to Trail of Bits for AI Cyber Challenge
https://securityboulevard.com/2024/03/darpa-awards-1-million-to-trail-of-bits-for-ai-cyber-challenge/
Mon, 11 Mar 2024 17:46:31 +0000 | Original: https://blog.trailofbits.com/?p=106743
By Michael D. Brown
We’re excited to share that Trail of Bits has been selected as one of the seven exclusive teams to participate in the small business track for DARPA’s AI Cyber Challenge (AIxCC). Our team will receive a $1 million award to create a Cyber Reasoning System (CRS) and compete in the AIxCC […]

Out of the kernel, into the tokens
https://securityboulevard.com/2024/03/out-of-the-kernel-into-the-tokens/
Fri, 08 Mar 2024 14:00:48 +0000 | Original: https://blog.trailofbits.com/?p=106775
By Max Ammann and Emilio López
Our application security team leaves no stone unturned; our audits dive deeply into areas ranging from device firmware, operating system kernels, and cloud systems to widely used technology such as mobile and web applications. This post examines two issues we identified over the past few years that, though unrelated, […]

Cryptographic design review of Ockam
https://securityboulevard.com/2024/03/cryptographic-design-review-of-ockam/
Tue, 05 Mar 2024 14:00:38 +0000 | Original: https://blog.trailofbits.com/?p=106683
By Marc Ilunga, Jim Miller, Fredrik Dahlgren, and Joop van de Pol
In October 2023, Ockam hired Trail of Bits to review the design of its product, a set of protocols that aims to enable secure communication (i.e., end-to-end encrypted and mutually authenticated channels) across various heterogeneous networks. A secure system starts at the design […]

Relishing new Fickling features for securing ML systems
https://securityboulevard.com/2024/03/relishing-new-fickling-features-for-securing-ml-systems/
Mon, 04 Mar 2024 14:00:44 +0000 | Original: https://blog.trailofbits.com/?p=106616
By Suha S. Hussain
We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, and bytecode rewriter for the Python pickle module that can help you detect, analyze, or create malicious pickle files. While the ML community […]
