Explaining Software Vulnerabilities with Large Language Models

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing SAST tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic warning messages do not sufficiently communicate important...

sas-top-10

This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...

Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps

In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villain...

Using payable.transfer functions in WithdrawFacet.sol and Libasset.sol is not usable for smart contract calls due to possible shortage of gas.

Lines of code Vulnerability details Impact Withdrawals and transferERC20 tokens are executed via transferERC20 and withdraw functions. Since these functions calls with a fixed amount of gas, it's not yet guaranteed to reach to the destination if the receiver is a smart contract. Proof of Concept...

Risk of centralization

Lines of code Vulnerability details Medium Risk Risk of centralization Impact Diamond owner has too many roles on setting the functions, initiating payable functions. If the Owner account is compromised, the assets may be drained in this trustless system. Proof of Concept Tools Used Static testin...

CVE-2020-28952

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely...

Emba - An Analyzer For Linux-based Firmware Of Embedded Devices

emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image. Although emba is optimized for offline firmware images, it can test both, live systems and extract...

Disconnect Between Application Development and Security Getting Wider

There is a widening gulf between application developers and security decision makers inside the enterprise, and it’s starting to cost companies serious money. Sure there’s been lots of talk about the need for better static and dynamic web application testing tools and the need for a formalized...