ForAllSecure

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

If you think hacking only involves the use of a keyboard, then you’re probably missing out. What about using light? What about using sound?

Your AST Guide for the Disenchanted: Part 3

ForAllSecure

In our previous post, we discussed that the key ingredient to a true DevSecOps process is accurate testing. In this post, we’ll share how to implement an accurate application security testing program that effectively manages risk, while protecting developer productivity.

CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!?

ForAllSecure

Remember trigonometry, where you were given the length of two sides of a triangle and had to compute the third side? We remembered vaguely SOH CAH TOA, but not much more. One thing we would have bet $50 on: That there wouldn’t be a buffer overflow in basic trigonometric functions.

The Hacker Mind Podcast: Why Are Blue Team Hackers More L33T?

ForAllSecure

So you’re in your SOC, your security operations center. You spend your time defending all aspects of the organization, then one day this hacker comes in and sees that blindspot, the one you can’t see, that one corner of the network that is exposed, that is vulnerable.

Your AST Guide for the Disenchanted: Part 2

ForAllSecure

In our previous post, we discussed that the key ingredient to implementing a true DevSecOps process is accurate testing. In this post, we’ll dissect how accuracy is the single enabler for driving the DevSecOps outcomes you want to see.

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

Introduction. What do JSON, YAML, and HTTP have in common? They’re all examples of ubiquitous data serialization and transmission standards, making them great targets for testing with fuzzing. While fuzzing has found many bugs in these kinds of targets, they all have requirements for structure in order for data to be considered “valid.” Handling these structure requirements intelligently is the key to finding the next level of bugs that others may have missed!

Your AST Guide for the Disenchanted: Part 1

ForAllSecure

At ForAllSecure, we’ve observed an increasing uptick in organizations looking for alternatives to mainstream application security tools. Organizations are finding that today’s AST tools aren’t servicing their objectives to develop software faster and deploy frequently. In this blog series, we’ll chronicle the top challenges of incorporating application security testing in DevOps workflows. We’ll also unpack how organizations are addressing these challenges.

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

ForAllSecure

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow (CVE-2020-15359) in a popular open source sound utility, MP3Gain. MP3Gain analyzes and adjusts MP3 files so that they have the same volume by using statistical analysis to determine what those levels should be.

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

ForAllSecure

If you’re a fan of Game of Thrones, then here’s a little known bit of trivia. In 1970, a young science fiction writer turned chess player, George R.R. Martin, played with his Northwestern University team against one of the fastest computers of the time -- and the humans won.

The Hacker Mind Podcast: Inside DARPA's Cyber Grand Challenge

ForAllSecure

DARPA’s Cyber Grand Challenge in 2016 showed the world what's coming -- autonomous adversaries -- and raised serious questions. How can organizations react to something that makes decisions in milliseconds? How can you still have humans in the loop when reaction time is key?

Get Started With DevSecOps

ForAllSecure

In a TechRepublic whiteboard video, host Bill Detwiler speaks to Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, about the ways organizations can benefit by using DevSecOps. What is DevSecOps?

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online.

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

ForAllSecure has launched an original podcast focused on hackers that’s available on Apple and Google (with more options to come). The Hacker Mind is a narrative style podcast, meaning we’ll be able to dig deep into subjects by interviewing more than one expert.

FuzzCon TV Tackles Federal Fuzz Testing

ForAllSecure

Continuing the discussions started at our successful FuzzCon event held earlier this year, ForAllSecure is hosting a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair).

FuzzCon TV Launches With An Introduction to Fuzzing Panel

ForAllSecure

Following a successful FuzzCon event held in person at RSAC in San Francisco earlier this year, ForAllSecure is continuing the discussion with a series of follow-up sessions online called FuzzCon TV (formerly A Fuzzing Affair). The first episode is designed to be an introduction to fuzzing.

Uncovering Memory Defects in cereal (CVE-2020-11104 & CVE-2020-11105)

ForAllSecure

Introduction. Deserialization of untrusted input is a common attack vector and appears on the MITRE top-25 list of most dangerous software errors. Even without an attacker, mistakes in serialization or deserialization decrease the reliability of your code.

Life as a Professional Hacker

ForAllSecure

Last month Guido Vranken hosted a successful Reddit AMA, sharing insight on his experience as a professional vulnerability researcher.

Why Fuzzing Is Your Friend for DevSecOps

ForAllSecure

Leaders proactively mitigate risk. One large risk they can mitigate is being blindsided by an unknown software vulnerability. Attackers who find an unknown vulnerability potentially can exploit all of an agency’s systems.

Why ForAllSecure Is a 2020 RSA Innovation Sandbox Finalist

ForAllSecure

On February 24, 2020, ForAllSecure competed in the RSA Innovation Sandbox (ISB) as a Top 10 Finalist. The opportunity to compete has been an extreme honor because the annual event is deemed the Oscars of cybersecurity.

Top 3 Technical Barriers to Fuzzing

ForAllSecure

Fuzz testing is an effective technique for uncovering serious defects in software. From the Heartbleed vulnerability in 2014 to the infamous Jeep Cherokee hacking in 2015, fuzz testing is the technique that has made many high-profile discoveries possible.

Uncovering Vulnerabilities in Cryptographic Libraries: Mayhem, MatrixSSL, and wolfSSL

ForAllSecure

Introduction. As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why look at crypto libraries?

Game Theory: Why System Security Is Like Poker, Not Chess

ForAllSecure

The 1980s film “Wargames” asked a computer to learn whether global thermonuclear war made sense. In the film, thermonuclear war didn’t make sense, but what if, in real life, preemptive cyberattacks were our best hope for winning?

Mayhem Moves to Production with the Department of Defense

ForAllSecure

In 2016, Mayhem -- then still a research prototype -- showed that fully autonomous cybersecurity was possible. This was just the first step.
