SoheilKhodayari / JAW
JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
☆101Updated last week
Related projects ⓘ
Alternatives and complementary repositories for JAW
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆40Updated last year
- Testability Pattern Catalogs for SAST☆29Updated 8 months ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆67Updated 3 years ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆147Updated 9 months ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆57Updated 10 months ago
- ☆28Updated last month
- Grammar-based HTTP/2 fuzzer with mutation ability☆42Updated 2 years ago
- Artifact for ICSE 2023☆46Updated 2 years ago
- FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities☆90Updated 11 months ago
- List of Trusted Types bypasses☆86Updated 7 months ago
- ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…☆22Updated 2 years ago
- A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…☆80Updated last week
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆44Updated last week
- Grammar-based HTTP/1 fuzzer with mutation ability☆243Updated 3 weeks ago
- ☆27Updated 2 years ago
- A framework for identifying vulnerabilities in VS Code extensions☆15Updated 4 months ago
- XS-Leak Browser Test Suite☆73Updated 11 months ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆15Updated last month
- A variant analysis and visualisation tool that scans codebases for similar vulnerabilities☆69Updated 2 years ago
- Searcher for cross-site leaks (XS-Leaks)☆81Updated last year
- AutoSpear☆54Updated 10 months ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java.☆16Updated 3 years ago
- ☆17Updated 5 years ago
- ☆119Updated 6 months ago
- ☆45Updated last year
- The source code (including datasets) of V1SCAN (USENIX Security 2023; will be uploaded).☆38Updated last year
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆62Updated 3 years ago
- A curated list of awesome browser security learning material.☆130Updated 2 years ago
- Witcher is the first framework for using AFL to fuzz web applications.☆77Updated 11 months ago
- CodeQL zero to hero blog post series challenges☆86Updated 3 months ago