Facebook launches security tool for Java and Android developers – the clare people
The tool provided by Facebook, called Mariana Trench (MT), is used to scan databases containing tens of millions of lines of code in order to find vulnerabilities before they are introduced into a version of the programs. According to the social network, similar solutions automatically found 29% of all security holes in corporate applications.
Facebook previously released two code analysis tools designed to prevent security issues: Pysa, for applications developed from Python; and Zoncolan, made for lines programmed with Hack language.
Want to keep up to date with the hottest tech news of the day?Access and subscribe to our new youtube channel, Canaltech News. Every day a summary of the main news from the tech world for you!
How it works
The Mariana Trench tool works by analyzing the flow of data input information (or sources), as in sensitive user content (such as location and passwords); and exit (the wells), which are functions and methods that use elements from sources.
If the solution finds something in this process that it shouldn’t have access to, it logs those item strings as a “problem”. In most cases, these flaws identified by Mariana Trench can lead to serious privacy and security breaches in programs.
Dominik Gabi, Software Engineer at Facebook, explains: “a flow of information from a The source and go to a sink indicates, for example, that a user’s password can be saved to a file, which can cause privacy concerns; and is identified as a problem by Mariana Trench.
Facebook also claims that Mariana Trench can be used by developers to focus on security and privacy issues discovered outside of the tool. According to the social media giant, the solution allows the adjustment of the test environment and the addition of new rules so that the analysis takes place in more complex parts of the code.
Documentation, as well as Open source code from Mariana Trench, can be found here.
Did you like this article?
Subscribe to your email on Canaltech to receive daily updates with the latest news from the world of technology. 1024 511405 511405 511405