Dependency Combobulator Logo

Dependency Combobulator

0
Free
Visit Website

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven). Intended Audiences: The framework can be used by security auditors, pentesters and even baked into an enterprise's application security program and release cycle in an automated fashion. Main features: - Pluggable - interject on commit level, build, release steps in SDLC. - Expandable - easily add your own package management scheme or code source of choice. - General-purpose Heuristic-Engine - an abstract package data model provides agnostic heuristic approach supporting a wide range of technologies. - Flexible - decision trees can be determined upon insights or verdicts provided by the toolkit. - Easily extensible - the project is designed for practitioners to extend and fit the toolkit to their specific needs, allowing extension to other sources, public registries, and package management systems.

FEATURES

ALTERNATIVES

SAST and malware analysis tool for Android APKs with detailed scan information.

A popular free security tool for automatically finding security vulnerabilities in web applications

An integrated security platform that provides API discovery, runtime protection, security testing, and incident response capabilities for web applications, APIs, and AI systems.

Automatic authorization enforcement detection extension for Burp Suite

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.

Utility for comparing control flow graph signatures to Android methods with scanning capabilities for malicious applications.

DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.

PINNED