by Philippe Arteau | Oct 16, 2019
Over the years, Find Security Bugs – or FindSecBugs in short – has evolved from a limited static-analysis tool to one with solid coverage of bug patterns. In this post, we will present the latest milestone from the project: arrival in the OWASP family,...
by Francois Renaud | Sep 30, 2019
TLDR: It is frightening, a patch was made available the same day it was disclosed and everybody should update their servers. Impact Butor Portal is affected by a Path Traversal vulnerability leading to pre-authentication arbitrary file downloads. Every file...
by Benoit Cote-Jodoin | Jul 3, 2019
Some time ago; we published a blog about jenkins-fsb, a preconfigured Jenkins instance for efficiently using the plug-in, Find Security Bugs. In that blog post, there was an indication about multiple vulnerabilities having been found but not disclosed. Well, today we...
by Philippe Arteau | May 15, 2018
This February, we ran a Find Security Bugs scan on over at least one hundred components from the Spring Framework, including the core components (spring-core, spring-mvc) but also optional components (spring-data, spring-social, spring-oauth, etc.). From this...