Detection of known (CVEs) and unknown (0days) classes of vulnerabilities using Moabi’s exclusive symbolic execution engine.
The vulnerability analytic identifies and rates known vulnerabilities with assigned CVEs and 0days. It detects implementation errors (breach of coding standards) that lead to undefined states, exploitable conditions and software compromise.
It covers generic vulnerability classes and patterns such as: buffer overflows and memory corruptions, MITRE’s CWEs (exhaustive), SQL, XXE, Xpath and other injection attacks.
Reported vulnerabilities cover both known vulnerabilities (CVEs) referenced in public databases such as MITRE, and NVD and 0days or new vulnerabilities. It leverages Moabi’s exclusive binary taint analysis and symbolic execution engine.
See Moabi in action with this screencast