Explore @secure-software-engineering Open Source projects

Secure Software Engineering Group at Paderborn University and Fraunhofer IEM (@secure-software-engineering)

secure-software-engineering

Stars
3,100
Global Org. Rank 6,830 (Top 3 %)
Registered about 12 years ago
Most used languages

Java
70.7 %

JavaScript
7.3 %

Python
4.9 %

C++
4.9 %

Logos 2.4 %

HTML
2.4 %

Kotlin
2.4 %

Diff 2.4 %

Jupyter Notebook
2.4 %

FlowDroid

FlowDroid Static Data Flow Tracker

phasar

A LLVM-based static analysis framework.

DroidBench

A micro-benchmark suite to assess the stability of taint-analysis tools for Android

SuSi

SuSi - our tool to automatically discover sources and sinks in the Android framework

tamiflex

TamiFlex facilitates static analysis of programs that use reflection and custom class loaders

PointerBench

A points-to and alias analysis benchmark suite

COVA

COVA - A static analysis tool to compute path conditions

TypeEvalPy

A Micro-benchmarking Framework for Python Type Inference Tools

boomerang

Boomerang is a on-demand context and flow-sensitive pointer analysis for Java.

swan

Security methods for WeAkNess detection

sootdiff

SootDiff - Bytecode Comparison Across Different Java Compilers

DroidForce

DroidForce Project Repository. See our ARES'2014 paper for the details on DroidForce.

SootFX

A Static Code Feature Extraction Tool for Java and Android

secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.

authcheck

Analysis for access-control vulnerabilities in Java Spring Security applications.

SPLlift

Jimple-Interpreter

Soot based Jimple interpreter

HeaderGen

HeaderGen annotates Jupyter notebooks using static analysis. Improves PyCG's call graph analysis by supporting external libraries and flow-sensitivity.

Jupyter Notebook

SPDS-experiments

secucheck-core

Taint Analysis on top of Soot.

ideal

IDE/AL - Alias-Aware Framework for Interprocedural Dataflow Analysis

android-instrumentation-tutorial

denial-of-app-attack

Denial-Of-App Attack

cheetah

Eclipse plugin for a JIT taint analysis

opcua-scanner

An opcua client scanning for servers in a network

rose

Research Tool for Online Social Environments

upcy

UpCy automatically finds compatible updates for Maven dependencies.

achilles-benchmark-depscanners

Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59

PathExpression

An implementation of Tarjan's PathExpression algorithm

SparseBoomerang

Sparse Demand-Driven Pointer Analysis

jadx-taintdoc

Jadx extended to ease documentation of taint flows

neck

spring-petclinic-kotlin

Vulnerable version of the Spring PetClinic application in Kotlin

cards

Component-based Assumptions and Restrictions for Dataflow Specifications

FlowStar

Common base project for taint analyses such as FlowDroid et al.

modguard

soot-infoflow-testgenerator

Test case generator for FlowDroid

tamiflex.benchmarks

Automatically exported from code.google.com/p/tamiflex.benchmarks

TS4J

A fluent interface for defining and computing typestate analyses

crimestop

visuflow

VisuFlow - An Eclipse plugin that helps static code developers in writing static analyses on top of Soot.

ivy

CogniCrypt-IntelliJ

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

SparseIDE

Sparse IDE/IFDS solver and client implementation

paper-idesolverxx

Supplementary website for the paper "Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications"