Date: 2021-09-30

The tool provided by Facebook, called Mariana Trench (MT), is used to analyze code bases with tens of millions of lines of code and find vulnerabilities before they are introduced in a release of the programs. According to the social network, similar solutions automatically found 29% of all security flaws in the company’s applications. Facebook has previously released two code analysis tools meant to prevent security problems: Pysa, for applications developed in Python; and Zoncolan, for code written in the Hack language.

How it works

(Image: part of the Mariana Trench documentation. Reproduction/Dácio Augusto)

Mariana Trench works by analyzing how data flows from inputs (sources), such as sensitive user content like location and passwords, to outputs (sinks), which are functions and methods that use data originating from sources.

If, in this process, the tool finds data reaching something that should not have access to it, it registers that chain of elements as a “problem”. In most cases, the flaws identified by Mariana Trench can lead to severe privacy and security vulnerabilities in the programs.

Dominik Gabi, Software Engineer at Facebook, explains: “a flow of information coming from a source and going to a sink indicates, for example, that a user’s password may be recorded in a file, which can cause privacy issues; and is identified as an issue by Mariana Trench.”
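The source-to-sink idea described above can be shown with a toy taint tracker. This is an added example, not Mariana Trench code or anything published by Facebook; it uses Python's `ast` module on straight-line code only, and the source and sink function names are hypothetical.

```python
import ast

# Hypothetical source and sink names, chosen for this illustration only.
SOURCES = {"get_password", "get_location"}
SINKS = {"write_log", "send_http"}

# Constructed sample program; it is only parsed, never executed.
SAMPLE = '''
pw = get_password()
msg = "login with " + pw
greeting = "hello"
write_log(greeting)
write_log(msg)
loc = get_location()
send_http(format_body(loc))
'''

def call_name(node):
    """Name of the function in a simple call f(...), else None."""
    is_call = isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
    return node.func.id if is_call else None

def taint_of(expr, tainted):
    """Chain from a source to this expression, or None if it carries no source data."""
    for node in ast.walk(expr):
        name = call_name(node)
        if name in SOURCES:
            return [name]
        if isinstance(node, ast.Name) and node.id in tainted:
            return tainted[node.id] + [node.id]
    return None

def find_flows(code):
    """Report (line, chain) for every flow from a source into a sink."""
    tainted, issues = {}, []
    for stmt in ast.parse(code).body:
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            chain = taint_of(stmt.value, tainted)
            tainted.pop(stmt.targets[0].id, None)  # reassignment clears old taint
            if chain:
                tainted[stmt.targets[0].id] = chain
        for node in ast.walk(stmt):
            if call_name(node) in SINKS:  # a sink call: inspect each argument
                for arg in node.args:
                    chain = taint_of(arg, tainted)
                    if chain:
                        issues.append((node.lineno, chain + [call_name(node)]))
    return issues
```

On the constructed sample, the password written to the log and the location sent over HTTP are reported with their full chains, while the harmless `write_log(greeting)` call is not.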

Facebook also claims that Mariana Trench can be used by developers to focus on security and privacy issues discovered outside of the tool. According to the social network giant, the solution allows the test environment to be adjusted and new rules to be added so that the analysis covers more complex parts of the code.

The documentation, as well as the open source code of Mariana Trench, can be found here.

Source: BleepingComputer