In this Black Hat presentation, Semmle CSO Fermín Serna will show how he performed variant analysis on one 0day in Das U-Boot, discovering more than 10 additional vulnerabilities. As part of Semmle’s efforts on Open Security, our Security Research Team has seen critical variants of a vulnerability reappear after the bug was thought to be fixed. Examples include Apache Struts and the OGNL injection CVEs that cropped up months after the Equifax breach, Ghostscript’s type confusion issues, and ZipSlip’s RCE vulnerability.
See how implementing automated variant analysis to complement your fuzzing, pen testing and bug bounty programs can help you stop playing CVE whack-a-mole.
