Zoncolan: How Facebook uses static analysis to detect and prevent security issues

August 17, 2019
Zoncolan helps security engineers scale their work by using static analysis to examine code and detect security or privacy issues. Facebook’s web codebase currently contains more than 100 million lines of Hack code, and changes thousands of times per day. To handle the sheer volume of code, we build sophisticated systems that help our security engineers review code.

Today, we are sharing the details of one of those tools, called Zoncolan, for the first time. Zoncolan helps security engineers scale their work by using static analysis to automatically examine our code and detect potentially dangerous security or privacy issues.

Source: fb.com

