{"id":7005,"date":"2025-04-15T13:33:29","date_gmt":"2025-04-15T20:33:29","guid":{"rendered":"https:\/\/objectsecurity.com\/?p=7005"},"modified":"2025-04-15T13:33:29","modified_gmt":"2025-04-15T20:33:29","slug":"hackthebay-2025","status":"publish","type":"post","link":"https:\/\/objectsecurity.com\/hackthebay-2025\/","title":{"rendered":"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1872px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p><span>At HackTheBay 2025, ObjectSecurity will present \u201cBeyond SAST: Advancing Vulnerability Detection with Symbolic Execution,\u201d a session focused on overcoming the limitations of traditional Static Application Security Testing (SAST). While SAST plays a key role in securing software, it often struggles with dynamic inputs, runtime behavior, and complex control flows, leading to missed vulnerabilities and false positives. This presentation introduces symbolic execution as a powerful way to extend the reach of static analysis and detect vulnerabilities that would otherwise go unnoticed. By simulating all feasible execution paths and analyzing inputs symbolically, symbolic execution can uncover critical issues such as memory safety violations. We\u2019ll show how this approach can enhance automation, increase accuracy, and reduce noise in security analysis. We\u2019ll also discuss the practical challenges of symbolic execution like path explosion and share strategies to mitigate them. This session offers a practical look at how symbolic execution can push vulnerability detection beyond today\u2019s limitations.<\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.333333333333%;--awb-margin-top-large:0px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-default fusion-button-default button-1 fusion-button-span-yes fusion-button-default-type\" target=\"_self\" href=\"https:\/\/cfp.pacifichackers.com\/hackthebay-2025\/talk\/\"><span class=\"fusion-button-text\">Presentation Schedule<\/span><\/a><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.333333333333%;--awb-margin-top-large:0px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-default fusion-button-default button-2 fusion-button-span-yes fusion-button-default-type\" target=\"_self\" href=\"https:\/\/objectsecurity.com\/contact-us\/\"><span class=\"fusion-button-text\">Contact Us<\/span><\/a><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.333333333333%;--awb-margin-top-large:0px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-default fusion-button-default button-3 fusion-button-span-yes fusion-button-default-type\" target=\"_self\" href=\"https:\/\/objectsecurity.com\/binlens\"><span class=\"fusion-button-text\">BinLens &#8211; Binary Analysis<\/span><\/a><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":7,"featured_media":7006,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[63,17],"tags":[],"class_list":["post-7005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-binlens","category-event"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025 - ObjectSecurity<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/\"},\"author\":{\"name\":\"Dan Mathews\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/14b868388b1a079ff39642a078cea62d\"},\"headline\":\"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025\",\"datePublished\":\"2025-04-15T20:33:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/\"},\"wordCount\":3096,\"image\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/HacktheBay.png?fit=600%2C337&ssl=1\",\"articleSection\":[\"BinLens\",\"Event\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/\",\"url\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/\",\"name\":\"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025 - ObjectSecurity\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/HacktheBay.png?fit=600%2C337&ssl=1\",\"datePublished\":\"2025-04-15T20:33:29+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/14b868388b1a079ff39642a078cea62d\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/HacktheBay.png?fit=600%2C337&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/HacktheBay.png?fit=600%2C337&ssl=1\",\"width\":600,\"height\":337},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/hackthebay-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/objectsecurity.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#website\",\"url\":\"https:\\\/\\\/objectsecurity.com\\\/\",\"name\":\"ObjectSecurity\",\"description\":\"OT\\\/ICS Asset Binary Vulnerability Analysis and Reporting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/objectsecurity.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/14b868388b1a079ff39642a078cea62d\",\"name\":\"Dan Mathews\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g\",\"caption\":\"Dan Mathews\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025 - ObjectSecurity","robots":{"index":"noindex","follow":"follow"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#article","isPartOf":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/"},"author":{"name":"Dan Mathews","@id":"https:\/\/objectsecurity.com\/#\/schema\/person\/14b868388b1a079ff39642a078cea62d"},"headline":"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025","datePublished":"2025-04-15T20:33:29+00:00","mainEntityOfPage":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/"},"wordCount":3096,"image":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2025\/04\/HacktheBay.png?fit=600%2C337&ssl=1","articleSection":["BinLens","Event"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/","url":"https:\/\/objectsecurity.com\/hackthebay-2025\/","name":"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025 - ObjectSecurity","isPartOf":{"@id":"https:\/\/objectsecurity.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#primaryimage"},"image":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2025\/04\/HacktheBay.png?fit=600%2C337&ssl=1","datePublished":"2025-04-15T20:33:29+00:00","author":{"@id":"https:\/\/objectsecurity.com\/#\/schema\/person\/14b868388b1a079ff39642a078cea62d"},"breadcrumb":{"@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/objectsecurity.com\/hackthebay-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#primaryimage","url":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2025\/04\/HacktheBay.png?fit=600%2C337&ssl=1","contentUrl":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2025\/04\/HacktheBay.png?fit=600%2C337&ssl=1","width":600,"height":337},{"@type":"BreadcrumbList","@id":"https:\/\/objectsecurity.com\/hackthebay-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/objectsecurity.com\/"},{"@type":"ListItem","position":2,"name":"Pushing Beyond SAST with Symbolic Execution \u2013 HackTheBay 2025"}]},{"@type":"WebSite","@id":"https:\/\/objectsecurity.com\/#website","url":"https:\/\/objectsecurity.com\/","name":"ObjectSecurity","description":"OT\/ICS Asset Binary Vulnerability Analysis and Reporting","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/objectsecurity.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/objectsecurity.com\/#\/schema\/person\/14b868388b1a079ff39642a078cea62d","name":"Dan Mathews","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b06577e2636149f9ca4ada40c7d935744591ec4ec49be5865e3f0180e5d38b15?s=96&d=mm&r=g","caption":"Dan Mathews"}}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2025\/04\/HacktheBay.png?fit=600%2C337&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/7005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/comments?post=7005"}],"version-history":[{"count":2,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/7005\/revisions"}],"predecessor-version":[{"id":7008,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/7005\/revisions\/7008"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/media\/7006"}],"wp:attachment":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/media?parent=7005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/categories?post=7005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/tags?post=7005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}