FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android, FlowDroid aims for an analysis with very high recall and precision. To achieve this goal, two main challenges were addressed: increasing precision by building an analysis that is context-, flow-, field- and object-sensitive, and increasing recall by creating a complete model of Android’s app lifecycle. The analysis is based on Soot and Heros, utilizing a precise callgraph for flow- and context-sensitivity, and IFDS-based flow functions for field- and object-sensitivity. An accurate and efficient alias search is crucial for context-sensitivity in conjunction with field-sensitivity.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A brute-force protection middleware for express routes that rate-limits incoming requests.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.