Submitted via IRC for SoyCow8317
Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks.
The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi. The expert says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.
[...] The researcher released XDiFF as an open source project on GitHub. A more detailed presentation of the testing procedure and all the vulnerabilities is available in Arnaboldi's research paper named "Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing."
(Score: 2) by Arik on Wednesday December 13 2017, @03:55AM
That's great and I think you are misunderstanding me a little.
I'm not criticizing your personal practices, which I am sure are better than industry standard and nothing to be ashamed about.
I'm talking about the broader ecosystem. You're working inside a system where you have no choice but to rely on the foundations that others built. And it's not your fault that those foundations were not built to be reliable.
But it still might concern you.
If laughter is the best medicine, who are the best doctors?