Pull to refresh
760.69
Rating

Information Security *

Data protection

Show first
Rating limit

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

PVS-Studio corporate blog Information Security *C++ *C *Programming microcontrollers *

If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance. PVS-Studio has recently learned how to generate the MISRA Compliance report. This article describes how you can use this feature. This can make somebody's life better.

Read more
Rating 0
Views 628
Comments 3

XSS: attack, defense — and C# programming

PVS-Studio corporate blog Information Security *Programming *.NET *C# *

XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.

Read more
Total votes 1: ↑1 and ↓0 +1
Views 1.9K
Comments 1

Private party protocol: how to distinguish friends and foes using cryptographic tools

Information Security *Cryptography *Network technologies *
Tutorial

ENCRY presents a new interactive identification protocol aimed at controlling the access of selected users to various resources.

Close your eyes and imagine Nice, a luxurious estate whose extravagant owner throws epic parties with jazz and fireworks every weekend.

To attend such a party is a lot of the elite. Invitations are sent out in advance, and guests do not know the names of other invited persons. The owner of the estate, the mysterious Jay Gatsby, an eager luxury-lover, values ​​privacy so much that he is not ready to entrust the list of invitees to anyone, not even his buttress. Moreover, the owner of the estate would like the guests not to reveal their names when entering the property. After all, there may be the mayor of the city, or the chief prosecutor among them, and they would like to keep their visit secret. Unfortunately, the owner of the estate himself is so busy that he cannot independently check each guest at the entrance, especially since there are several access roads to his house. How could he solve this problem?

Read more
Total votes 2: ↑2 and ↓0 +2
Views 962
Comments 0

Building an Arduino based RFID Emulator

RUVDS.com corporate blog Information Security *Programming microcontrollers *Developing for Arduino *DIY
Tutorial

This project is aimed at creating an experimental device for emulating RFID labels of three widely available components. I simplified the explanation of the process so that it could be easily replicated. I also developed some helpful ideas along the way, including writing a special program for converting a serial number into the transmitted data, which will definitely prove useful.
Total votes 21: ↑20 and ↓1 +19
Views 5.8K
Comments 0

OWASP, Vulnerabilities, and Taint Analysis in PVS-Studio for C#. Stir, but Don't Shake

PVS-Studio corporate blog Information Security *.NET *C# *

0831_TaintAnalysis_Cs/image1.png


We continue to develop PVS-Studio as a SAST solution. Thus, one of our major goals is expanding OWASP coverage. You might ask, what's the use when there's no taint analysis? That's exactly what we thought — and decided to implement taint analysis in the C# analyzer. Curious about what we accomplished? Read on!

Read more →
Total votes 2: ↑1 and ↓1 0
Views 652
Comments 0

$mol_func_sandbox: hack me if you might!.

Information Security *JavaScript *
Translation

Hello, I'm Jin, and I… want to play a game with you. Its rules are very simple, but breaking them… will lead you to victory. Feel like a hacker getting out of the JavaScript sandbox in order to read cookies, mine bitcoins, make a deface, or something else interesting.



https://sandbox.js.hyoo.ru/


And then I'll tell you how the sandbox works and give you some ideas for hacking.

Read more →
Total votes 3: ↑3 and ↓0 +3
Views 1.6K
Comments 5

Q1 2021 DDoS attacks and BGP incidents

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *Research and forecasts in IT *

The year 2021 started on such a high note for Qrator Labs: on January 19, our company celebrated its 10th anniversary. Shortly after, in February, our network mitigated quite an impressive 750 Gbps DDoS attack based on old and well known DNS amplification. Furthermore, there is a constant flow of BGP incidents; some are becoming global routing anomalies. We started reporting in our newly made Twitter account for Qrator.Radar.

Nevertheless, with the first quarter of the year being over, we can take a closer look at DDoS attacks statistics and BGP incidents for January - March 2021.

Read more
Total votes 15: ↑15 and ↓0 +15
Views 1.3K
Comments 0

Qrator Labs' Value Partnership Programs

Qrator Labs corporate blog Information Security *Sales management *Business Models *

Why is it valuable to get into the Qrator Labs partnership program?

In Qrator Labs, we firmly believe that working together brings a better result. Which is the reason why, for years, we were trying to find meaningful partnerships with all kinds of companies. They either seek to provide their existing customers with the top-notch DDoS mitigation technology developed at Qrator Labs with many additional ecosystem solutions or want to succeed the other way around. By getting their product available for Qrator Labs' customers by integrating into the Qrator anycast filtering network.

Read more
Total votes 20: ↑20 and ↓0 +20
Views 739
Comments 0

GDB Tutorial for Reverse Engineers: Breakpoints, Modifying Memory and Printing its Contents

Information Security *Reverse engineering *
Tutorial

GDB is THE debugger for Linux programs. It’s super powerful. But its user-friendliness or lack thereof can actually make you throw your PC out of the window. But what’s important to understand about GDB is that GDB is not simply a tool, it’s a debugging framework for you to build upon. In this article, I’m gonna walk you through GDB setup for reverse engineering and show you all of the necessary commands and shortcuts for your debugging workflow.

Читать далее
Total votes 1: ↑1 and ↓0 +1
Views 11K
Comments 0

Paper-based TOTP tokens

Token2.com corporate blog Information Security *

Enterprise policies are different, and in some cases weird. In this article, we will describe a very unusual problem raised by one of our customers. In a nutshell, the organization does not allow bringing any devices onsite, no smartphones, no mobile phones, and even no hardware tokens are allowed on-premises. At the same time, the organization is using Office 365 services from Microsoft and has enforced multi-factor authentication for all users to be activated.

To address this issue, our research and development team has spent some time and found a solution, which is a paper-based TOTP token. We are hereby presenting the solution, which is available for free (well, if you don't count the paper and ink cost).

Our solution is a web-based tool that generates the list of one-time passwords (OTPs) for an arbitrary seed. The list can be printed out and handed over to the end-users to serve as their second factor for authenticating in Azure AD with multi-factor authentication enabled. To associate this paper TOTP token with a user, you can follow the same procedure as with the regular TOTP tokens.

The procedure is simple, you enter the seed and click on submit to get the list generated. You will get a printable list similar to the one shown below for the next few days. By changing the number of future OTPs you can make the list longer or shorter.

Read more
Total votes 4: ↑4 and ↓0 +4
Views 1.2K
Comments 0

How to Start Reverse Engineering in 2021

Information Security *Reverse engineering *

Reverse engineering might seem so complex, that not everyone has the bravery required to tackle it. But is it really that hard? Today we are gonna dive into the process of learning how to reverse engineer.

First of all, try to answer yourself, what are you hoping to achieve with reverse engineering? Because reverse engineering is a tool. And you should choose the right tool for your task. So when reverse engineering might be useful?

Read more
Total votes 3: ↑3 and ↓0 +3
Views 37K
Comments 0

2020 Network Security and Availability Report

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *

By the beginning of 2021, Qrator Labs filtering network expands to 14 scrubbing centers and a total of 3 Tbps filtering bandwidth capacity, with the San Paolo scrubbing facility fully operational in early 2021;

New partner services fully integrated into Qrator Labs infrastructure and customer dashboard throughout 2020: SolidWall WAF and RuGeeks CDN;

Upgraded filtering logic allows Qrator Labs to serve even bigger infrastructures with full-scale cybersecurity protection and DDoS attacks mitigation;

The newest AMD processors are now widely used by Qrator Labs in packet processing.

DDoS attacks were on the rise during 2020, with the most relentless attacks described as short and overwhelmingly intensive.

However, BGP incidents were an area where it was evident that some change was and still is needed, as there was a significant amount of devastating hijacks and route leaks.

In 2020, we began providing our services in Singapore under a new partnership and opened a new scrubbing center in Dubai, where our fully functioning branch is staffed by the best professionals to serve local customers.

Read more
Total votes 17: ↑17 and ↓0 +17
Views 799
Comments 0

Example of How New Diagnostics Appear in PVS-Studio

PVS-Studio corporate blog Information Security *Perfect code *C++ *C *

PVS-Studio new C++ rule


Users sometimes ask how new diagnostics appear in the PVS-Studio static analyzer. We answer that we draw inspiration from a variety of sources: books, coding standards, our own mistakes, our users' emails, and others. Recently we came up with an interesting idea of a new diagnostic. Today we decided to tell the story of how it happened.

Read more →
Rating 0
Views 432
Comments 0

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

PVS-Studio corporate blog Information Security *

Security. What does this word mean to you? Nowadays, companies spare no effort to ensure that their product is secured from hacking and all sorts of information leaks. PVS-Studio decided to help its users and expand the functionality in this area. Therefore, one of the main innovations of the upcoming release will be the introduction of analyzer new features which will ensure code safety and security. This article aims to present these features.

Read More
Total votes 2: ↑1 and ↓1 0
Views 395
Comments 0

PVS-Studio, Blender: Series of Notes on Advantages of Regular Static Analysis of Code

PVS-Studio corporate blog Information Security *Open source *C++ *C *

PVS-Studio and Blender


In our articles, we regularly repeat an important idea: a static analyzer should be used regularly. This helps detect and cheaply fix many errors at the earliest stage. It looks nice in theory. As we know, actions still speak louder than words. Let's look at some recent bugs in new code of the Blender project.

Read more →
Rating 0
Views 369
Comments 0

Top 7 Technology Trends to Look out for in 2021

Information Security *Network technologies *Research and forecasts in IT *Artificial Intelligence IOT
Sandbox

Technology is as adaptable and compatible as mankind; it finds its way through problems and situations. 2020 was one such package of uncertain events that forced businesses to adapt to digital transformation, even to an extent where many companies started to consider the remote work culture to be a beneficiary long-term model. Technological advancements like Hyper automation, AI Security, and Distributed cloud showed how any people-centric idea could rule the digital era. The past year clearly showed the boundless possibilities through which technology can survive or reinvent itself. With all those learnings let's deep-dive and focus on some of the top technology trends to watch out for in 2021.

Read more
Rating 0
Views 3.2K
Comments 3

Date Processing Attracts Bugs or 77 Defects in Qt 6

PVS-Studio corporate blog Information Security *Programming *C++ *Qt *

PVS-Studio & Qt 6


The recent Qt 6 release compelled us to recheck the framework with PVS-Studio. In this article, we reviewed various interesting errors we found, for example, those related to processing dates. The errors we discovered prove that developers can greatly benefit from regularly checking their projects with tools like PVS-Studio.

Read more →
Total votes 1: ↑1 and ↓0 +1
Views 1.5K
Comments 0

Authors' contribution