all InfoSec news
cURL audit: How a joke led to significant findings
Malware Analysis, News and Indicators - Latest topics malware.news
By Maciej Domanski
In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of Bits maker week, which meant that we had more manpower than we usually do, allowing us to take a nonstandard approach to the audit.
While discussing the threat model of the application, one of our team members jokingly asked, “Have we tried curl AAAAAAAAAA… yet”? Although the comment …
application audit bits command curl data findings led project protocols server team threat threat model trail of bits utility