What does optimization mean?

Optimization is a process to make an existing system faster, more efficient than it currently is. The ways to achieve this optimization depends on what system we’re talking about. In this post, we’ll go through some simple yet effective strategies to make fuzzing with AFL more optimized. We’d also take a look at AFL’s QEMU mode, which allows us to fuzz binaries which we do not have the source for.

Note: This article builds on top of the last blog I wrote, where we talked about how to get started with fuzzing applications with American Fuzzy Lop, or AFL for…

What is Fuzzing?

Standard Glossary of Software Engineering Terminology, IEEE, defines fuzzing as:

The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.

Breaking it down into simpler terms, fuzzing is a testing technique for applications in which we pass random, invalid input to the target application. The application is then monitored for unexpected behavior. The unexpected behavior could be the application crashing, memory leakage, etc. that occur for previously unknown niche test cases that go beyond the scope of manual testing.

One thing to keep in mind is that invalid inputs…

I got a chance to intern at Appsecco for my 8th Semester project on DevSecOps.

Introduction

For as far as I can remember, I’ve always been interested in computers. Soon enough I got fascinated about security in computers. This interest, however, remained at the backburner while I was in school. Cut to when I got into college, I learned more about how things worked in security. It wasn’t long when I decided that when I graduate from college, I should have a job in the security industry.

I’ve fortunately had the opportunity to intern as both, a Security Engineer and a…

Demystifying how to write Modular Code in Python.

Anyone who has done a decent bit of development with Python, surely at some point, has come across the following syntax:

if __name__ == "__main__":
    # Statements

I first came across this when I was learning about Flask, the backend framework and though I initially just went along with it, soon enough I was curious to know what exactly did this conditional statement accomplish. Also while working with fellow developers, I realized this particular snippet is something that takes some time to wrap one’s head around. …

An introduction to attacks based on insecure deserialization.

What is serialization?

Let’s start off by defining what exactly serialization means. Serialization is the process of converting a complex object, such as a list in python, into a format which is more suitable for certain operations such as storing into files, transmitting over a network. Serialization is also, at times, referred to as marshaling.

Serialization has an obvious benefit that it retains the structure of the original object when the data gets deserialized. This is a fancy way of saying that the list you serialized in python will directly be converted back to a…

The Open Web Application Security Project, more commonly known as OWASP, is a community of security professionals, researchers, and enthusiasts who develop tools for security testing, documentation for vulnerabilities for various platforms and articles on the latest developments in cyber security.

The OWASP Top 10 refers to the most commonly found vulnerabilities found in web applications. Below are the top 10 vulnerabilities found in web applications as documented and ranked by OWASP for the year 2017.

1. Injection

Injection refers to the attacks which exploit the presence of improper input handling that can lead to the interpretation of the input…