In the past six months, we have been working on a new static analysis tool for the .NET ecosystem called Roslyn Security Guard. It is a Visual Studio extension that analyzes C# code. It was first released at Black Hat USA this year. This article will cover the latest milestone reached which brings a new taint analysis mechanism and the introduction of automated code fixes.
Cybercrime is an evolving phenomenon and offenders are continuously adapting to find new techniques to monetize their illicit activities. Our research paper and upcoming BlackHat Europe presentation – EGO MARKET: When People’s Greed for Fame Benefits Large-Scale Botnets – is about Linux/Moose, a botnet that conducts social media fraud. This blog post is a summary of our paper.
Last week, a new version of Find Security Bugs (FSB), a FindBugs extension was released. In this post, we will present the most recent improvements and some project announcements.
As you may know, CSP is not adopted yet by industry. Multiple surveys have already been made about the adoption of the security header   . Even so, it does not mean that we cannot prepare ourselves for the technology. For this purpose, we have built a Burp and ZAP extension to automate the most common validations called CSP Auditor.