Melissa Elliott

Melissa Elliott is an application security researcher who has been writing loud opinions from a quiet corner of the Veracode office for two years and counting. She enjoys yelling about computers on Twitter and can be bribed with white chocolate mocha.

Posts by Melissa Elliott
  • Misfeatures Strike Again
    September 25, 2014  | Research

    Bash – the Unix shell – came out when I was fourteen months old. It was a replacement for a similar program that came out eleven years before I was born. By the time I was learning to read, it’d already had years to mature and stabilize. The very first time I ever sat down at a Linux prompt, bash was fifteen years old. It’s now twenty-five…

  • Do Not Pass QA, Do Not Goto Fail: Catching Subtle Bugs In The Act

    Bugs happen. Severe bugs happen. Catastrophic bugs happen. There's simply no way to know how, exactly, the Goto Fail Bug – a tiny mistake which happened to disable an entire step of SSL verification deep in Apple code – ended up getting written into sslKeyExchange.c and saved. What is clear is that the bug got through Apple's QA process…

  • Static Analysis: Following Along at Home with Hopper's Decompiler Feature, Part 1

    No source code? No problem! That's the motto of the binary analyst. We at Veracode have pushed the limits of static analysis (studying a program's behavior without running it) to automatically detect and report security vulnerabilities in our customers' codebases. Doing binary static analysis by hand is still a worthwhile skill, however, with myriad practical uses: Uncovering the behavior of…
