Search Results for "static code analysis"

...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes.

Dynamic and static analysis with Sandboxie for Windows, including EDR, ClamAV, YARA-X, custom machine learning AI, behavioral analysis, NLP-based detection, website signatures, Ghidra, Suricata, Sigma, and much more than you can imagine

FACPL: a Java-based library for the specification and enforcement of Access Control policies - Attribute-based Access Control Policies - Advanced features for the management of, e.g., combining algorithms and missing attributes - Generation of XACML code starting from FACPL code - Generation of FACPL code starting from XACML code Source Code: https://github.com/andreamargheri/FACPL/

...WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. ...

PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis. This tool package is based upon: - ANTLR 3.2 or higher (www.antlr.org). - JDK 1.6 or higher (java.sun.com). - Grammar specifications of PHP 5.3.

CesTa (Code Enhancing Security Transformation and Analysis) is a tool for enhancing security by program transformations. Focused on Smart Cards (Java Card in particular), powered by Ant, ANTLR and StringTemplates.

A suite of source and binary programs to test the capabilities of code analysis tools. A reference implementation of x86 binary analysis in C# is also included.

InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.

Web Server Protection and Analysis Tool

KF Checker infers information flow rules from source code. The rules obtained in this way are used to create a theory which it then exploited to prove that information flow policies are respected.