AST

How we found a Prototype Pollution in protobuf.js

Aug 14, 2023 By Code Intelligence In Code Intelligence

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.

View Video

Code Intelligence

Read more about How we found a Prototype Pollution in protobuf.js

The Risks of AI-Generated Code

Aug 9, 2023 By Sergej Dechand In Code Intelligence

AI is fundamentally transforming how we write, test and deploy code. However, AI is not a new phenomenon, as the term was first coined in the 1950s. With the more recent release of ChatGPT, generative AI has taken a huge step forward in delivering this technology to the masses. Especially for development teams, this has enormous potential. Today, AI represents the biggest change since the adoption of cloud computing. However, using it to create code comes with its own risks.

Read Post

Code Intelligence

Read more about The Risks of AI-Generated Code

Synopsys and NowSecure join forces

Aug 8, 2023 By Vishrut Iyengar In Synopsys

Synopsys + NowSecure partnership delivers automated, continuous MAST solution. Mobile applications have become an integral part of our daily lives, and with their increasing prevalence, the need for robust security measures has never been more critical. Recognizing this, Synopsys is enhancing its mobile application security testing (MAST) offering through a strategic partnership with NowSecure.

Read Post

Synopsys

Read more about Synopsys and NowSecure join forces

Top Ten Tips to Choose a Great SAST Tool

Aug 3, 2023 By Adam Murray In Mend

Static application security testing (SAST) is a crucial component of any software and application security strategy, and as such, a SAST tool should form a valuable part of your security stack. But when you’re choosing which SAST tool to buy and implement, what are the key factors you should consider?

Read Post

Mend

Read more about Top Ten Tips to Choose a Great SAST Tool

Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

Jul 13, 2023 By Code Intelligence In Code Intelligence

As part of Code Intelligence's ongoing efforts to improve the security of open-source software it continuously tests open-source projects with its JavaScript fuzzing engine, Jazzer.js, in Google's OSS-Fuzz. Recently Code Intelligence uncovered a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665) using its newly integrated Prototype Pollution bug detector. The vulnerability puts affected applications at risks of remote code execution and denial of service attacks.

Read Post

Code Intelligence

Read more about Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

We benchmarked top SAST products, and this is what we learned

Jul 13, 2023 By Guillaume Montard In Bearer

When we started to build Bearer, we wanted to understand how to validate the quality of our findings and be able to benchmark it. Code security scanning solutions are notorious for reporting a lot of false positives and other deficiencies, and even though we believed we could do much better, we needed a way to prove it. In Java, there is an OWASP project, BenchmarkJava, which makes it easy to compare the output of two software security solutions.

Read Post

Bearer

Read more about We benchmarked top SAST products, and this is what we learned

26 AI Code Tools in 2024: Best AI Coding Assistant

Jul 13, 2023 By Alexander Thiam In Code Intelligence

Generative AI unleashed a whole series of new innovations and tools to the masses in 2023. From AI chatbots to image generators to AI coding assistants, there is just so much to consider, and there are more and more being launched every day. In this guide, we will look at how AI is changing the world of software development by showcasing 26 AI coding tools that are helping developers produce high-quality software more efficiently.

Read Post

Code Intelligence

Read more about 26 AI Code Tools in 2024: Best AI Coding Assistant

Consolidation: The wave of the (AST) future

Jul 11, 2023 By Jim Ivers In Synopsys

Reducing complexity and providing insight into software risk, consolidation is the wave of the application security testing future. As the convergence of economic and practical factors increases pressure on organizations to streamline their application security (AppSec) initiatives, consolidation is emerging as a practical solution.

Read Post

Synopsys

Read more about Consolidation: The wave of the (AST) future

New Vulnerability in protobuf.js: Prototype Pollution - CVE-2023-36665

Jul 4, 2023 By Roman Wagner In Code Intelligence

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

Read Post

Code Intelligence

Read more about New Vulnerability in protobuf.js: Prototype Pollution - CVE-2023-36665

AI-Powered Whitebox Testing in Action

Jun 26, 2023 By Code Intelligence In Code Intelligence

Learn how AI.powered white-box testing leverages the internal design of the software under test to bugs and vulnerabilities that are off-limits to traditional testing methods.

View Video