Busting zero-days before being busted by them

Summary

Zero-day (hidden, undisclosed or unknown) vulnerabilities pose the greatest threat to the security of organisations. They plague all types of software including operating systems, their components and all types of applications including particularly sensitive web applications. Finding and eradicating zero-day vulnerabilities could be difficult, time consuming and challenging. We would like to present how automated software solutions for source code security assessment could help in building more secure applications and how we use these solutions to improve security of the open source applications. Our extensive experience covers penetration testing, zero-day vulnerability research, security auditing and source code security analysis. We develop applications for both DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) and have a proven track record in discovering zero-day vulnerabilities in all types of applications, including recent security advisories covering Magento, Google and WordPress.