FlowDroid
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android, FlowDroid aims for an analysis with very high recall and precision. To achieve this goal, two main challenges were addressed: increasing precision by building an analysis that is context-, flow-, field- and object-sensitive, and increasing recall by creating a complete model of Android’s app lifecycle. The analysis is based on Soot and Heros, utilizing a precise callgraph for flow- and context-sensitivity, and IFDS-based flow functions for field- and object-sensitivity. An accurate and efficient alias search is crucial for context-sensitivity in conjunction with field-sensitivity.
FEATURES
ALTERNATIVES
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.
Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A Burp extension for scanning JavaScript files for endpoint links
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
cwe_checker is a suite of checks to detect common bug classes in ELF binaries using Ghidra for firmware analysis.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.