Application Security

Runtime Mobile Security (RMS) is a powerful web interface powered by FRIDA for manipulating Android and iOS Apps at Runtime.

JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

A community website for API security news, vulnerabilities, and best practices

Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.

A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.

Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.

DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.

Python tool for monitoring user-select APIs in Android apps using Frida.

Python wrapper for Android APK decompilation with various converter and decompiler options.

An open-source web application security scanner framework that identifies vulnerabilities in web applications.

Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.

DumpsterDiver analyzes large datasets to detect hardcoded secrets, keys, and passwords using entropy calculations and customizable search rules.

LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.

Utilize the kernel's CSPRNG for generating crypto keys instead of userspace CSPRNGs to avoid randomness failures.