Do You Speak My Language? Make Static Analysis Engines Understand Each Other | allinfosecnews.com

July 5, 2022, 1:07 p.m. | Black Hat

Black Hat www.youtube.com

This presentation will introduce a novel but generic framework to exchange taint information between two or more static analysis systems and how that can be used to perform cross-language, cross-repo taint-flow analysis. It will showcase how this has been implemented inside Facebook and used at scale by Facebook's security team to detect critical security vulnerabilities spanning multiple codebases. During the presentation, we will show examples of the actual vulnerabilities where the data flow crosses from one language to another....

By: …

analysis language static analysis

More from www.youtube.com / Black Hat

Locknote: Conclusions and Key Takeaways from Day 2 2 weeks ago | www.youtube.com

black hat black hat europe board board members +15

Locknote: Conclusions and Key Takeaways from Day 1 2 weeks ago | www.youtube.com

black hat black hat europe board board members +16

Keynote: My Lessons from the Uber Case 2 weeks ago | www.youtube.com

addition best practices case convicted +16

Keynote: Industrialising Cyber Defence in an Asymmetric World 2 weeks, 1 day ago | www.youtube.com

adversaries challenge cyber cyber defence +10

The Black Hat Europe Network Operations Center (NOC) Report 2 weeks, 1 day ago | www.youtube.com

back black hat black hat europe center +14

My Invisible Adversary: Burnout 2 weeks, 5 days ago | www.youtube.com

adversary attackers attacks burnout +11

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 2 weeks, 5 days ago | www.youtube.com

analysis ask bad codeql +10

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 2 weeks, 6 days ago | www.youtube.com

attacks call cloudflare detection +10

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks 2 weeks, 6 days ago | www.youtube.com

addition attacks build collide+power +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086

View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States

View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ

View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom

View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States

View on infosec-jobs.com