Secure Software Engineering Group at Paderborn University and Fraunhofer IEM

Repositories

• phasar

  A LLVM-based static analysis framework.

  c cpp llvm static-analysis program-analysis data-flow-analysis
  C++ 95 559 29 4 Updated Jul 26, 2021

• secucheck

  Boomerang-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.
  HTML MIT 0 2 1 0 Updated Jul 22, 2021

• FlowDroid

  FlowDroid Static Data Flow Tracker

  static-analysis flowdroid data-flow-tracker
  Java LGPL-2.1 202 531 116 5 Updated Jul 22, 2021

• jadx-taintdoc

  Jadx extended to ease documentation of taint flows
  Java 1 1 0 0 Updated Jul 16, 2021

• COVA

  COVA - A static analysis tool to compute path conditions
  Python LGPL-2.1 5 25 0 0 Updated Jul 15, 2021

• secucheck-core

  Taint Analysis based on Boomerang
  Java MIT 0 0 0 1 Updated Jul 8, 2021

• secucheck-catalog
  0 0 0 0 Updated Jul 1, 2021

• achilles-benchmark-depscanners

  Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59
  Java 0 0 0 13 Updated Jun 4, 2021

• tamiflex

  TamiFlex facilitates static analysis of programs that use reflection and custom class loaders
  Java 11 32 7 2 Updated May 15, 2021

• authcheck

  Analysis for access-control vulnerabilities in Java Spring Security applications.

  java security authentication authorization springframework access-control soot
  JavaScript MIT 4 11 0 3 Updated May 12, 2021

• Jimple-Interpreter

  Soot based Jimple interpreter
  Java Apache-2.0 1 7 0 2 Updated Mar 31, 2021

• CogniCrypt-IntelliJ

  Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

  static-code-analysis intellij-plugin android-studio-plugin security-scanner api-misuse
  Java MIT 1 1 0 5 Updated Feb 19, 2021

• CogniCrypt-CI-Integration

  This repository contains code for a Jenkins adaptor for CogniCrypt which is based on warnings-ng-plugin https://github.com/jenkinsci/warnings-ng-plugin
  Java MIT 1 0 5 0 Updated Feb 19, 2021

• FalseCrypt
  Java 1 0 0 0 Updated Feb 19, 2021

• DroidBench

  A micro-benchmark suite to assess the stability of taint-analysis tools for Android
  Java 98 198 12 5 Updated Jan 28, 2021

• mudarri

  Source code of the Mudarri IntelliJ plugin, using rule graphs
  Java Apache-2.0 3 0 0 1 Updated Oct 13, 2020

• sootdiff

  SootDiff - Bytecode Comparison Across Different Java Compilers
  Java MIT 2 8 0 1 Updated Oct 13, 2020

• swan

  Security methods for WeAkNess detection
  Java BSD-3-Clause 5 11 19 1 Updated Jul 1, 2020

• SAGuidelines
  MIT 0 0 0 0 Updated Mar 12, 2020

• boomerang

  Boomerang is a on-demand context and flow-sensitive pointer analysis for Java.
  Java LGPL-2.1 3 15 0 0 Updated Nov 29, 2019

• CryptoAnalysis

  Forked from CROSSINGTUD/CryptoAnalysis

  CryptoAnalysis fork for the Testify project
  Java EPL-2.0 28 1 0 0 Updated Aug 7, 2019

• visuflow

  VisuFlow - An Eclipse plugin that helps static code developers in writing static analyses on top of Soot.
  Java Apache-2.0 3 0 7 0 Updated Jul 29, 2019

• vulnerability-of-the-day

  Forked from votd/vulnerability-of-the-day

  A pedagogically-curated collection of vulnerability demonstrations for undergraduate software engineering students.
  Java 8 6 0 0 Updated Mar 1, 2019

• cilrep

  JVM-based representation (and manipulation) of CIL bytecode
  Java Apache-2.0 0 0 0 0 Updated Jan 29, 2019

• modguard
  Java LGPL-2.1 0 1 0 0 Updated Dec 8, 2018

• SPDS-experiments
  Java 1 3 0 0 Updated Oct 10, 2018

• PointerBench

  A points-to and alias analysis benchmark suite
  Java 4 17 1 0 Updated Sep 24, 2018

• opcua-scanner

  An opcua client scanning for servers in a network
  Java 2 5 0 0 Updated Jul 26, 2018

• soot-panathon

  Soot Fork for the ISSTA2018 Panathon
  Java LGPL-2.1 1 0 0 0 Updated Jul 12, 2018

• cheetah

  Eclipse plugin for a JIT taint analysis
  Java EPL-1.0 6 7 0 0 Updated Jul 4, 2018