testable-eu / sast-testability-patternsLinks
Testability Pattern Catalogs for SAST
☆31Updated 8 months ago
Alternatives and similar repositories for sast-testability-patterns
Users that are interested in sast-testability-patterns are comparing it to the libraries listed below
Sorting:
- Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications (NDSS 2022)☆25Updated last year
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆110Updated last month
- YuraScanner☆57Updated 8 months ago
- FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities☆96Updated last year
- CodeQL zero to hero blog post series challenges☆147Updated 3 weeks ago
- Artifact for ICSE 2023☆50Updated 3 years ago
- Grammar-based HTTP/2 fuzzer with mutation ability☆47Updated 3 years ago
- A framework for identifying vulnerabilities in VS Code extensions☆18Updated last year
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆157Updated last year
- Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s…☆18Updated 8 months ago
- Parser utility to generate ASTs from PHP source code suitable to be processed by Joern.☆35Updated 5 years ago
- AutoSpear☆67Updated last year
- YASA is an open-source static program analysis project. Its core innovation lies in a unified intermediate representation called UAST, d…☆147Updated this week
- ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…☆25Updated 3 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆52Updated 2 years ago
- Companion repository of the "Dancer in the Dark" paper.☆19Updated last year
- Protect your PHP project from deserialization attacks! As seen on NDSS 2024☆14Updated 2 months ago
- Witcher is the first framework for using AFL to fuzz web applications.☆100Updated last year
- ☆29Updated 5 months ago
- VulZoo: A Comprehensive Vulnerability Intelligence Dataset | ASE 2024 Demo☆65Updated 7 months ago
- Grammar-based HTTP/1 fuzzer with mutation ability☆257Updated 11 months ago
- Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)☆59Updated 6 months ago
- ☆25Updated 3 years ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆74Updated last year
- A set of Code-ql/Joern queries to find vulnerabilities☆65Updated 4 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆90Updated 7 years ago
- ☆53Updated 2 years ago
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities☆72Updated last year
- This project runs a Model Context Protocol (MCP) server that wraps the CodeQL query server. It enables tools like [Cursor](https://cursor…☆118Updated 6 months ago
- [NDSS 2024] ReqsMiner is an innovative fuzzing framework developed to discover previously unexamined inconsistencies in CDN forwarding re…☆23Updated last year