© 2023 Hashnode
#sast
Previously on... In my previous blog post, I wrote about deserialization attacks and how to prevent them. I ended the post with a section called Hunger. There I stated I still doubted the link between…
Static analysis with Checkov Already introduced in my previous article, Checkov is a tool for static analysis of your Infrastructure as Code (IaC). It will help you in writing…
Ever wondered what it means when you read the headlines or hear - "Hackers attacked XYZ systems! Possibility of a data breach!" Of course, this doesn't mean attacking using arrows or weapons but how d…
In summer 2021, the Vulnerability Research and Static Analysis teams launched the Google Summer of Code (GSoC) project: Write vulnerability detection rules for SAST. For this project, we built and implemented a framework to help transition…
Compilers are evolving: they issue more and more warnings. Do developers still need to use static code analyzers like PVS-Studio? Yes, because analyzers are evolving too. In this article you'll see how PVS-Studio can find bugs even in a com…
Among the wide variety of programming languages, what our users want the most is for the PVS-Studio analyzer to start supporting JavaScript. The Rhino engine is a project that our team can use to create a PVS-Studio analyzer for JavaScript…
In 2018, Microsoft created ML.NET, a machine learning framework for .NET developers. Since then, the machine learning library has undergone significant changes and acquired new features to identify patterns within data. Let's see how these …
In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so bef…