Free Access Now: Ruby Security Field Guide

Ruby is vulnerable. Learn how to avoid introducing its vulnerabilities into your projects, and secure popular open source software built on the language.


Our research often results in the development of proprietary tools. We are in the process of productizing several of these tools for the benefit of enterprise clients.

Tidas: Make passwords obsolete

By making passwords obsolete, Tidas preserves users’ privacy and minimizes app developers’ liability. It uses iOS 9’s APIs to allow users to authenticate with their fingerprints without exposing any sensitive data to the outside world. As a simple SDK drop-in, it’s as easy to install as it is to use. Learn more on GitHub.

MAST: Mobile App Security Toolkit

The result of research funded by the Defense Advanced Research Projects Agency (DARPA), MAST protects apps from attackers, reverse engineers, software pirates, and competitors. It seamlessly integrates into the development process and requires no changes to the app’s source code, allowing developers to launch sooner and have confidence in their security. Learn more on our blog.

iVerify: iOS Integrity Verification

The above video demonstrates an integrity validator for iOS devices that we have developed in our lab. Our software is able to reliably detect modifications to iOS devices, including malware and jailbreaks, without the use of signatures. We are currently in the process of productizing a suite of mobile device validation and integrity tools for use by enterprises. In mid-2013, we released an open-source version of iVerify capable of working on a limited subset of devices. To receive updates about iVerify and similar products, please sign up for our mailing list.