What is Cybellum?

Cybellum is a platform for risk assessment and automated vulnerability detection within compiled programs.

What do I send to Cybellum, and what do I receive in return?

Cybellum receives binary files, and outputs two types of reports:

  • A comprehensive vulnerability report – for technical staff that wants to fix vulnerabilities.
  • A risk assessment report – for managers who need to assess the program’s risk.
Is Cybellum easy to use?

Cybellum is extremely versatile. Used by a security researcher, it can be robust and configurable. That said, anyone can upload a program and receive the reports.

What do you mean when you talk about "vulnerabilities"?

Vulnerability is a bug with potential impact on program security. Specifically, it’s usually an error in either programming, logic, judgement or configuration that makes the program more vulnerable.

Vulnerabilities can be found in the design, or in the implementation of the software.

Does Cybellum detect all types of vulnerabilities in any program?

Cybellum does not detect logic vulnerabilities, as they aren’t rooted in technology. Other than that, we detect all types of vulnerabilities.

How is Cybellum different than Static Analysis tools?

Static Analysis Tools require source code to operate, Cybellum doesn’t.

Static Analysis Tools check the software prior to compilation, missing vulnerabilities that occur only during runtime.

How is Cybellum different than development tools such as Valgrind?

Valgrind and other development tools are not focused on finding vulnerabilities, but rather all bugs, and are extremely slow – slowing the tested software x25-50.

Cybellum does not slow the tested software, and is able to focus on vulnerabilities.

How is Cybellum different than Dynamic Analysis tools for web?
Cybellum isn’t directly comparable to Web Dynamic Analysis, as the types of vulnerabilities it detects is cardinally different than webapp and network vulnerabilities.
Can Cybellum damage my program?

No. Cybellum analyzes the program in a passive and program-agnostic manner, without interfering with its operation.

How can I verify that Cybellum’s report is correct?
Cybellum’s report is easily verifiable by a software engineer, as all vulnerabilities are detected in a deterministic and reproducible manner.

See How Cybellum Detects Vulnerabilities and Assesses Software Risk

See How Cybellum Detects Vulnerabilities and Assesses Software Risk