ECG

"Scan your Code as you would do with your Heart"

ECG is based in Turin, Italy. We help companies secure applications with automated security analysis that quickly uncovers security flaws in source code.
With code analysis algorithms built specifically for the TCL/ADP programming language, we are able to detect complex vulnerabilities.


History


How was ECG born?

The main idea behind ECG was born after a two-week TCL source code security assessment. Since at that time there wasn't any tool available on the market, nor in the open source community, able to scan TCL/ADP source code (including the OpenACS, NaviServer and AOLserver command sets) for vulnerabilities, I ended up loading the entire repository inside Sublime, grep matching and searching for known dangerous function calls and possible server misconfigurations.
The workload was huge, more than 1,500,000 lines of code. After it ended, I discovered that TCL web and stand-alone applications were more common than I thought: a simple Shodan search returned more than 12,000 results for AOLserver.
With that in mind, and all the effort made in the past two weeks, I began thinking of a way to speed up future TCL source code reviews. In the meantime, I was also thrilled by the opportunity of creating a tool enabling companies still relying on the TCL language to scan their code for vulnerabilities.

Why is it called ECG?

The first version of ECG was essentially a big Python script with embedded regexes used to "grep and match" known function calls; its internal name was in fact Extended Code Grepper (ECG).
I borrowed the main idea from another existing tool: Visual Code Grepper (VCG) made by NCC.

How did ECG evolve from its first version?

Since its first version ECG has evolved a lot; starting from a simple code grepper, the following functionality has been implemented:

  • A database of almost a hundred checks for dangerous function calls and vulnerabilities covering:
    • the TCL language
    • OpenACS
    • AOLserver
    • NaviServer
  • Ability to generate a list of procedures and sub-routines per file
  • Ability to generate a list of parameters per file
  • Generate a list of imported packages
  • Scan for hard-coded secrets
  • Scan for comments
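To make the "grep and match" approach concrete, here is a small Python scanner written for this page as an added example. It is not ECG's source code: its rule list is a handful of assumed, well-known Tcl/AOLserver/OpenACS patterns chosen for illustration (not ECG's database of checks), and the Tcl page it scans is constructed inline. It exercises each capability in the list above: dangerous-call checks, a list of procedures and their parameters, imported packages, hard-coded secrets and comments.

```python
"""Minimal regex-driven Tcl/ADP code grepper (added example, not ECG's own code)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


# Illustrative rule set: an assumption made for this example, not ECG's database.
DANGEROUS_CALLS = {
    "tcl-eval": re.compile(r"\beval\b"),            # dynamic code evaluation
    "tcl-exec": re.compile(r"\bexec\b"),            # OS command execution
    "tcl-subst": re.compile(r"\bsubst\b"),          # substitution performed on data
    "tcl-open-pipe": re.compile(r'\bopen\s+"?\|'),  # open "|cmd" spawns a process
    # SQL string with a $variable interpolated instead of a :bind variable
    "sqli-interpolation": re.compile(
        r"\b(?:ns_db\s+(?:dml|select|1row|0or1row)"
        r"|db_(?:dml|string|list|foreach|1row|0or1row))\b"
        r'.*"[^"]*\$'),
    # file served from a path built with a variable (path traversal candidate)
    "ns_returnfile-var": re.compile(r"\bns_returnfile\b.*\$"),
}
# `proc name {args} {` and OpenACS `ad_proc -public name {args} {`
PROC_RE = re.compile(r"^\s*(?:ad_)?proc\s+(?:-\w+\s+)*(?P<name>\S+)\s+\{(?P<args>.*?)\}\s*\{")
PARAM_RE = re.compile(r"\{\s*(\w+)[^}]*\}|(\w+)")  # `{arg default}` or bare `arg`
PACKAGE_RE = re.compile(r"^\s*package\s+require\s+(?P<pkg>\S+)")
# `set <something-secret-like> <literal>`; values starting with $ or [ are not literals
SECRET_RE = re.compile(
    r'^\s*set\s+(?P<var>\w*(?:pass(?:word)?|secret|token|api_?key)\w*)\s+"?(?P<val>[^"$\[\s][^"\s]*)"?',
    re.IGNORECASE)
COMMENT_RE = re.compile(r"^\s*#\s?(?P<body>.*)$")


def scan(source: str) -> dict:
    """Run every check line by line and return a report keyed by category."""
    report = {"dangerous": [], "procs": [], "packages": [], "secrets": [], "comments": []}
    for no, line in enumerate(source.splitlines(), 1):
        if m := COMMENT_RE.match(line):
            report["comments"].append(Finding(no, "comment", m["body"].strip()))
            continue  # commented-out code is listed as a comment, not as a finding
        for rule, rx in DANGEROUS_CALLS.items():
            if rx.search(line):
                report["dangerous"].append(Finding(no, rule, line.strip()))
        if m := PROC_RE.match(line):
            params = [a or b for a, b in PARAM_RE.findall(m["args"])]
            report["procs"].append((no, m["name"], params))
        if m := PACKAGE_RE.match(line):
            report["packages"].append(m["pkg"])
        if m := SECRET_RE.match(line):
            report["secrets"].append(Finding(no, "hard-coded-secret", f'{m["var"]} = {m["val"]}'))
    return report


# Constructed sample Tcl page for the example (not real project code).
SAMPLE = """\
# Constructed sample page (not real project code): OpenACS-style Tcl
package require json
package require http
set db_password "hunter2"
set api_key $env(API_KEY)
ad_proc -public user::lookup { user_id {verbose 0} } {
    Look up a user by id.
} {
    set db [ns_db gethandle]
    # ns_db dml $db "delete from users"
    set row [ns_db 1row $db "select * from users where user_id = $user_id"]
    set ok [db_string count "select count(*) from users where user_id = :user_id"]
    return $row
}
proc run_report { name } {
    set out [exec /usr/bin/report $name]
    ns_returnfile 200 text/plain /tmp/reports/$name
    return $out
}
"""

if __name__ == "__main__":
    for category, items in scan(SAMPLE).items():
        print(f"== {category} ==")
        for item in items:
            print("  ", item)
```

Running the script reports the `$user_id` interpolation on line 11 but not the `:user_id` bind variable on line 12, the `exec` and variable-built `ns_returnfile` path in `run_report`, the literal `db_password` but not the `$env(...)` reference, the two procedures with their parameter names, the two packages and the two comments. The limits of pure line-oriented grepping are visible too: a call split across lines, a command assembled with `[string map ...]` or `subst`, or a `$` that is escaped would be missed or misreported, which is why a real scanner grows beyond regexes into at least a Tcl-aware tokenizer.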

Paolo Stagno


Paolo Stagno (aka VoidSec) has worked as a consultant for a wide range of clients across top tier international banks, major tech companies and various Fortune 1000 industries.

At ZeroDayLab, he was responsible for discovering and exploiting new unknown vulnerabilities in web applications, network infrastructure components, IoT devices, new protocols and technologies.
He is now a freelance security researcher and penetration tester focused on offensive application security. He enjoys understanding the digital world we live in, and disassembling, reverse engineering and exploiting complex products and code.

In his own research, he discovered various vulnerabilities in software of multiple vendors and tech giants like Cisco, eBay, Facebook, Fastweb, Google, HP, McAfee, Opera, Oracle, Paypal, TIM, Western Union, Yahoo and many others.

Since the beginning of his career, he has enjoyed sharing his expertise with the security community through his website and blog (voidsec.com). He is also an active speaker at security conferences around the globe, such as Typhooncon, Hacktivity, SEC-T, HackInBo, TOHack and Droidcon.

A non-exhaustive list of public vulnerabilities and CVEs that I have discovered can be found here.