iOS security overview & reverse engineering tools
- Tutorial
Six years ago, we first checked Umbraco with the PVS-Studio static analyzer for C#. Today, we decided to go where it all started and analyze the Umbraco CMS source code.
BASF 3D Printing Solutions launches a new lineup of filaments under the Forward AM brand, which include three options characterized by different composition and hardness — Ultrafuse TPU 95A, Ultrafuse TPU 64D, and Ultrafuse TPS 90A.
Ultimaker has announced a wash machine for removing water-soluble polyvinyl alcohol support structures from FDM/FFF 3D printed products.
Application Programming Interfaces, or APIs, are responsible for the majority of system integration and functional components of the modern computing landscape in both consumer and enterprise environments.
Properly constructed secure APIs provide significant benefits during the initial build, during integration with other systems, and throughout the entire application lifecycle, while protecting sensitive information stored in business systems.
Based on the author's experience designing and implementing APIs for a variety of clients in the financial, insurance, telecom and public sectors, security is often overlooked in favor of simplistic, vendor/product-specific solutions.
This article addresses best practices for API security design in a product-neutral manner to help architects plan and build secure APIs that are easy to work with.
The recommended approach is to separate API security from its business functionality and allow back-end developers to concentrate only on business functions. Once the business logic for an API is ready, it can be published using the common security components described in this article.
This article does not provide any product-specific recommendations, but any modern API security/governance platform will be able to satisfy the majority of the suggested requirements using out-of-the-box functionality.
The Israeli company Massivit 3D is taking pre-orders for Massivit 10000 hybrid systems that combine resin 3D printing with epoxy casting.
When I was much younger, I used to play a lot. My number one preference was Knights & Merchants. While all my friends liked battle scenes most, I was fond of the economic aspects of this game. For me it was always cool to look after the villagers who run their own business, become hungry sometimes and work together in the name of their country’s welfare. Recently I bought it in the Steam store and thought that I could even do a webmake of this game.
As a first step of this dangerous journey it would be cool to take one of the core mechanics and try to re-implement it with the tools I’m already comfortable with: React and WebGL. It’s also a great opportunity to test drive Babylon.js, which is on my to-do list.
Abstract: Greater efforts are put into 2 money-making games of SO FUN STUDIO, mainly in Southeast Asia and South America.
This is the latest release of PVS-Studio in 2021. With it, the PVS-Studio team accomplishes several important goals. Now, PVS-Studio supports Visual Studio 2022, the .NET 6 platform and C# 10.0. We implemented all diagnostics categorized as Mandatory in MISRA C.
The main purpose of the static analyzer is to detect and report errors in code - so that you can fix them afterwards. However, reporting errors is not as simple as it may seem. Those just starting out to work with static analysis - and even experienced developers - may encounter a number of problems. In this article I'll talk about these problems and how to deal with them.
In any history textbook, the modern time has already been called the time of the next change of the industrial structure, or the fourth industrial revolution (Industry 4.0). The main role, in this case, is given to information and IT systems. In an attempt to reduce the cost of IT infrastructure and to unify and accelerate the process of developing IT solutions, humanity first invented "clouds" to replace traditional data centers, and then containers to replace virtual machines.
Clearly, containers appear more vulnerable from a security point of view. What are the advantages of containerization over virtualization? In fact, there are quite a lot of them:
• the possibility of more flexible use of available resources (no need to back them up as in the case of virtual machines);
• the ability to save resources (no need to spend them on many copies of the OS for each virtual machine);
• no delays at startup (starting a process is almost instantaneous compared to the time needed to load a virtual machine);
• the interaction between processes, even if isolated, is much easier to implement when needed than between virtual machines. That, by the way, is how the concept of microservices came about, which has recently become very popular.
All of the above led to the very rapid development of container technologies, despite the recurring problems with the security of already deployed container cloud systems, their hacks, and data leaks. Accordingly, the work on strengthening container security is also continuing. This is what will be discussed further in this article.
DDoS attacks send ripples on the ocean of the Internet, produced by creations of various sizes - botnets. Some of them feed at the top of the ocean, but there also exists a category of huge, deep water monstrosities that are rare and dangerous enough they could be seen only once in a very long time.
In November 2021 we encountered, and mitigated, several attacks from a botnet that seems to be unrelated to any described and/or well-known ones, like variants of Mirai, Bashlite, Hajime or Brickerbot.
Although our findings are reminiscent of Mirai, we suppose this botnet is not based purely on propagating Linux malware, but on a combination of brute forcing and exploiting already patched CVEs in unpatched devices to grow its size. Either way, to confirm how exactly this botnet operates, we need to have a sample device to analyze, which isn’t our area of expertise.
This time, we won’t give it a name. It is not 100% clear what we are looking at, what are the exact characteristics of it, and how big this thing actually is. But there are some numbers, and where possible, we have made additional reconnaissance in order to better understand what we’re dealing with.
But let us first show you the data we’ve gathered, and leave conclusions closer to the end of this post.
We often check large projects because it's easier to find bugs there. What if we try PVS-Studio on a small project? In this article we analyze Blend2D — a library for vector 2D graphics. Let's look at what we found.
It's no secret that large projects have fascinating errors. It's not just "the larger the codebase is – the more errors we can find". It's also a known fact that the density of errors grows along with the codebase. That's why we love checking large projects — to treat you with a variety of "yummy" and tricky errors and typos. Besides, it's always interesting to search through a huge project with lots of dependencies, legacy code, and other stuff.
Today I'm moving away from this tradition. I decided to take a small project and see what PVS-Studio can find there. I chose Blend2D — branch master, commit c484790.
Many people are familiar with the situation when there is no Internet, and a small dinosaur appears on the Google Chrome screen. Today we will tell you how to implement this game on the Cyclone IV FPGA board.
We are Yegor Blinov, Egor Kuziakov, and Inga Ezhova, first-year students of Innopolis University. In our program, there was a course, "Computer Architecture", where we had labs with the FPGA boards Cyclone IV and MAX10. We were inspired by this equipment and decided to implement the project on one of the boards.
Hi everyone, today I will tell how I restored a defunct LVM thinpool. Unfortunately I could not find any howtos or manuals on the internet, so maybe this one will help someone in a similar situation.
In [1,2,3] texts (sign sequences with repetitions) were transformed (coordinated) into algebraic systems using matrix units as word images. Coordinatization is a necessary condition of algebraization of any subject area. Function (arrow) ((7) in [1]) is a matrix coordinatization of text. One can perform algebraic operations with words and fragments of matrix texts as with integers, but taking into account the noncommutativity of multiplication of words as matrices. Structurization of texts is reduced to the calculation of ideals and categories of texts in matrix form.
We dust off the irregular series of articles about the Chromium project check. Let's look at the code quality in the latest Chromium release and check the new features of the PVS-Studio analyzer.
This article investigates why the standard library needs a way to deduce a common type, how it is implemented and how it works.
Porsche invested money in a German startup called Isar Aerospace that is working on a lightweight launch vehicle with 3D printed parts, including key components of power plants. The initial launch is planned for 2022.
In the past, FDM 3D printing solutions have been primarily used for surgical planning. The added benefit is one can perform surgical planning digitally in preparation for surgical procedures, create mock up operations physically with the usage of trustworthy full-scale printed parts and test implants prior to inserting them into the body.