{abp_pagination_html}

security

Fuzzing beast with libFuzzer

A short blog post about my experience in fuzzing beast during my boost review

Fuzzing beast with libFuzzer

by Jens Weller

From the article:

During the weekend I wanted to take a closer look at beast, a http library proposed for boost. I planned to write an http client class, as thats something I'll need in some project later anyways. I've been looking at beast on and off for a few month now, and started by reviewing the documentation and examples to get a feel for the library it self.

PVS-Studio: searching software weaknesses

As we check Apache HTTP Server, we see bugs crawling everywhere across the code. But wait! These are not just bugs, but security weaknesses!

PVS-Studio: searching software weaknesses

by Andrey Karpov, Phillip Khandeliants

From the article:

PVS-Studio has always been able to detect a large number of various security defects (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. We see a trend in the software development to look for vulnerabilities in the code, although it is just the same. It seems to us that it is high time to do the rebranding of our static analyzer PVS-Studio. We will start with Common Weakness Enumeration (CWE). This article provides a table that shows matches of PVS-Studio diagnostic warnings of with the classifier. The table will be gradually updated and changed, but we can already use the table to write articles about security defects detected in projects. We suppose it would attract more attention of the software security specialists.

Safe Clearing of Private Data

We often need to store private data in programs, for example passwords, secret keys, and their derivatives, and we usually need to clear their traces in the memory after using them so that a potential intruder can't gain access to these data. In this article we will discuss why you can't clear private data using memset() function.

Safe Clearing of Private Data

by Roman Fomichev

From the article:

So, both gcc and clang decided to optimize our code. Since the memory is freed after calling the memset() function, the compilers treat this call as irrelevant and delete it.