Static Analysis
Streamline your static analysis triage with SARIF Explorer
By Vasco Franco. Today, we’re releasing SARIF Explorer, the VSCode extension that we developed to streamline how we triage static analysis results. We make heavy use of static analysis tools during our ...
Relishing new Fickling features for securing ML systems
By Suha S. Hussain. We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, ...
Circomspect has been integrated into the Sindri CLI
By Jim Miller. Our tool Circomspect is now integrated into the Sindri command-line interface (CLI)! We designed Circomspect to help developers build Circom circuits more securely, particularly given the limited tooling support ...
2024 Trends Affecting Software Product Security
The post 2024 Trends Affecting Software Product Security appeared first on CodeSecure ...
Say hello to the next chapter of the Testing Handbook!
By Fredrik Dahlgren. Today we are announcing the latest addition to the Trail of Bits Testing Handbook: a brand new chapter on CodeQL! CodeQL is a powerful and versatile static analysis tool, ...
Security flaws in an SSO plugin for Caddy
By Maciej Domanski, Travis Peters, and David Pokora. We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...
Top Considerations in Mastering SAST
Actions to Introduce Application Security in DevSecOps. Developers are busy, and introducing new tools or new processes is often met with resistance, and rightfully so. This is compounded when developers don’t understand ...
Working on blockchains as a Trail of Bits intern
By Vara Prasad Bandaru. Earlier this year, I successfully completed my internship at Trail of Bits and secured a full-time position as a Blockchain Security Analyst. This post is not intended to ...