Detection of known (CVEs) and unknown (0days) classes of vulnerabilities using Moabi’s exclusive symbolic execution engine.
The vulnerability analytic identifies and rates known vulnerabilities with assigned CVEs and 0days. It detects implementation errors (breach of coding standards) that lead to undefined states, exploitable conditions and software compromise.
It covers generic vulnerability classes and patterns such as: buffer overflows and memory corruptions, MITRE’s CWEs (exhaustive), SQL, XXE, Xpath and other injection attacks.
Watch Moabi’s presentation at RSA 2020 conference, including how we discovered 0days in critical IoT software.