StaDynA
StaDynA is a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). Our tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This work has been done at the University of Trento. Publication: The results of our research were presented at the 5th ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2015). Please use the following bibtex reference to cite our paper: @inproceedings{StaDynA_Zhauniarovich2014, author = {Zhauniarovich, Yury and Ahmad, Maqsood and Gadyatskaya, Olga and Crispo, Bruno and Massacci, Fabio}, title = {{StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications}}, booktitle = {Proceedings of the 5th ACM Conference on Data and Application Security and Privacy}, series = {CODASP
FEATURES
ALTERNATIVES
Scans SPF and DMARC records for issues that could allow email spoofing.
A set of tools for securing JavaScript projects against software supply chain attacks.
An Outlook add-in for reporting suspicious emails to security teams and tracking user behavior during awareness campaigns.
Tools and documentation for validating hardware security requirements on x86 platforms, including bootable USB key creation and platform configuration verification.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Python package for processing and analyzing Zeek data with Pandas, scikit-learn, Kafka, and Spark, with offloading capabilities and improved data analysis features.
PINNED
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.