all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Typos that omit security features and how to test for them

Add to bookmarks
April 20, 2023, 11 a.m. | Dominik 'disconnect3d' Czarnota

Trail of Bits Blog blog.trailofbits.com

By Dominik ‘disconnect3d’ Czarnota During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, found, and fixed twenty C and C++ bugs on GitHub with this same pattern. Here is a list of some of them related […]

audit audits bugs corruption detect enable features functions github memory memory corruption mitigations security security audit security features test typo

Visit resource

More from blog.trailofbits.com / Trail of Bits Blog

Understanding AddressSanitizer: Better memory safety for your code 22 hours ago | blog.trailofbits.com
application security attacks bug can +20
A peek into build provenance for Homebrew 2 days, 22 hours ago | blog.trailofbits.com
alpha alpha-omega beta build +13
Using benchmarks to speed up Echidna 1 week, 1 day ago | blog.trailofbits.com
ben benchmarks bits blockchain +19
The life and times of an Abstract Syntax Tree 2 weeks ago | blog.trailofbits.com
artificially intelligent can clear compiler +14
Curvance: Invariants unleashed 2 weeks, 2 days ago | blog.trailofbits.com
assessments audits blockchain building +15
Announcing two new LMS libraries 2 weeks, 6 days ago | blog.trailofbits.com
algorithm bits cryptography digital +17
5 reasons to strive for better disclosure processes 1 month ago | blog.trailofbits.com
blog bugs disclosure examples +6
Introducing Ruzzy, a coverage-guided Ruby fuzzer 1 month, 2 weeks ago | blog.trailofbits.com
application security bits bugs code +16
Why fuzzing over formal verification? 1 month, 3 weeks ago | blog.trailofbits.com
audits blockchain development fuzzing +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Consultant/Senior Consultant – Categoria Protetta L. 68/99

@ BIP | Italy
View on infosec-jobs.com

SoC Security Architect, Platform Architecture

@ Apple | San Diego, California, United States
View on infosec-jobs.com

Cloud Engineer II- SOC Analyst

@ Insight Enterprises, Inc. | Gurugram Gurgaon HR, IN
View on infosec-jobs.com