• New open-source Facebook tool hopes to find security flaws in And

    From TechnologyDaily@1337:1/100 to All on Thu Sep 30 16:45:02 2021
    New open-source Facebook tool hopes to find security flaws in Android apps

    Date:
    Thu, 30 Sep 2021 15:24:24 +0000

    Description:
    Facebook open-sources a static analyzer that it uses internally to find security holes in Android apps.

    FULL STORY ======================================================================

    Facebook today released a home-brewed tool that it uses internally to
    discover security and privacy flaws in its Android and Java applications.

    Named Mariana Trench (MT), the static analyzer is licensed under the open source MIT license, and is designed to spot vulnerabilities in large
    codebases made up of tens of millions of lines of code.

    According to Facebook's software engineer Dominik Gabi, developers within the company have banked on automated tools like MT to find more than 50% of all security bugs in the company's mobile apps.

    Gabi adds that the company built MT to focus on smartphone apps, which
    require a different approach for mitigating security bugs as compared to web apps.

    Prevention is better than cure

    In the post, Gabi gives a technical overview of how the tool actually works, and points to Facebook's tutorial that'll help Android developers roll MT into their pipeline.

    Unlike web apps, which can be updated instantly to fix a bug, patching
    Android apps requires the help of users, adding a costly time delay that
    attackers can use to exploit the vulnerabilities.

    This is why tools like MT help detect security gaffes during development before they land in the finalized app.

    MT is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production, notes Gabi, adding that MT was the result of a collaboration between security and
    software engineers at Facebook.

    Written in Python, MT is currently available on GitHub and Facebook has also released a binary for the tool in the Python Package Index (PyPI) repository.



    ======================================================================
    Link to news story: https://www.techradar.com/news/new-open-source-facebook-tool-hopes-to-find-security-flaws-in-android-apps/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)