all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Catching OpenSSL misuse using CodeQL

Add to bookmarks
Dec. 22, 2023, 2 p.m. | Trail of Bits

Trail of Bits Blog blog.trailofbits.com

By Damien Santiago I’ve created five CodeQL queries that catch potentially potent bugs in the OpenSSL libcrypto API, a widely adopted but often unforgiving API that can be misused to cause memory leaks, authentication bypasses, and other subtle cryptographic issues in implementations. These queries—which I developed during my internship with my mentors, Fredrik Dahlgren and […]

api authentication bugs catch codeql cryptographic dahlgren internship projects leaks memory memory leaks openssl

Visit resource

More from blog.trailofbits.com / Trail of Bits Blog

Announcing two new LMS libraries 1 day, 4 hours ago | blog.trailofbits.com
algorithm bits cryptography digital +17
5 reasons to strive for better disclosure processes 1 week, 5 days ago | blog.trailofbits.com
blog bugs disclosure examples +6
Introducing Ruzzy, a coverage-guided Ruby fuzzer 4 weeks, 1 day ago | blog.trailofbits.com
application security bits bugs code +16
Why fuzzing over formal verification? 1 month ago | blog.trailofbits.com
audits blockchain development fuzzing +3
Streamline your static analysis triage with SARIF Explorer 1 month, 1 week ago | blog.trailofbits.com
analysis audits explorer extension +8
Read code like a pro with our weAudit VSCode extension 1 month, 1 week ago | blog.trailofbits.com
audits bugs code codebase +12
Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing 1 month, 1 week ago | blog.trailofbits.com
addresses bits blockchain bugs +17
Secure your blockchain project from the start 1 month, 2 weeks ago | blog.trailofbits.com
architectures blockchain can design +16
DARPA awards $1 million to Trail of Bits for AI Cyber Challenge 1 month, 2 weeks ago | blog.trailofbits.com
ai cyber challenge aixcc award awards +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs