Secure Software Engineering Group at Paderborn University and Fraunhofer IEM (@secure-software-engineering)

Top repositories

1

FlowDroid

FlowDroid Static Data Flow Tracker
Java
1,053
star
2

phasar

A LLVM-based static analysis framework.
C++
933
star
3

DroidBench

A micro-benchmark suite to assess the stability of taint-analysis tools for Android
Java
268
star
4

SuSi

SuSi - our tool to automatically discover sources and sinks in the Android framework
Java
143
star
5

tamiflex

TamiFlex facilitates static analysis of programs that use reflection and custom class loaders
Java
42
star
6

PointerBench

A points-to and alias analysis benchmark suite
Java
35
star
7

COVA

COVA - A static analysis tool to compute path conditions
Python
32
star
8

TypeEvalPy

A Micro-benchmarking Framework for Python Type Inference Tools
Python
27
star
9

boomerang

Boomerang is a on-demand context and flow-sensitive pointer analysis for Java.
Java
23
star
10

swan

Security methods for WeAkNess detection
Java
19
star
11

sootdiff

SootDiff - Bytecode Comparison Across Different Java Compilers
Java
19
star
12

DroidForce

DroidForce Project Repository. See our ARES'2014 paper for the details on DroidForce.
Java
18
star
13

SootFX

A Static Code Feature Extraction Tool for Java and Android
Java
18
star
14

secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.
Java
16
star
15

authcheck

Analysis for access-control vulnerabilities in Java Spring Security applications.
JavaScript
14
star
16

SPLlift

Java
14
star
17

Jimple-Interpreter

Soot based Jimple interpreter
Java
14
star
18

HeaderGen

HeaderGen annotates Jupyter notebooks using static analysis. Improves PyCG's call graph analysis by supporting external libraries and flow-sensitivity.
Jupyter Notebook
13
star
19

SPDS-experiments

Java
11
star
20

secucheck-core

Taint Analysis on top of Soot.
Java
10
star
21

ideal

IDE/AL - Alias-Aware Framework for Interprocedural Dataflow Analysis
Java
10
star
22

android-instrumentation-tutorial

Logos
10
star
23

denial-of-app-attack

Denial-Of-App Attack
Java
8
star
24

cheetah

Eclipse plugin for a JIT taint analysis
Java
8
star
25

opcua-scanner

An opcua client scanning for servers in a network
Java
8
star
26

rose

Research Tool for Online Social Environments
JavaScript
7
star
27

upcy

UpCy automatically finds compatible updates for Maven dependencies.
Java
7
star
28

achilles-benchmark-depscanners

Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59
Java
7
star
29

PathExpression

An implementation of Tarjan's PathExpression algorithm
Java
4
star
30

SparseBoomerang

Sparse Demand-Driven Pointer Analysis
Java
4
star
31

jadx-taintdoc

Jadx extended to ease documentation of taint flows
Java
4
star
32

neck

C++
3
star
33

spring-petclinic-kotlin

Vulnerable version of the Spring PetClinic application in Kotlin
Kotlin
2
star
34

cards

Component-based Assumptions and Restrictions for Dataflow Specifications
Java
1
star
35

FlowStar

Common base project for taint analyses such as FlowDroid et al.
1
star
36

modguard

Java
1
star
37

soot-infoflow-testgenerator

Test case generator for FlowDroid
1
star
38

tamiflex.benchmarks

Automatically exported from code.google.com/p/tamiflex.benchmarks
Diff
1
star
39

TS4J

A fluent interface for defining and computing typestate analyses
Java
1
star
40

crimestop

1
star
41

visuflow

VisuFlow - An Eclipse plugin that helps static code developers in writing static analyses on top of Soot.
Java
1
star
42

ivy

JavaScript
1
star
43

CogniCrypt-IntelliJ

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio
Java
1
star
44

SparseIDE

Sparse IDE/IFDS solver and client implementation
1
star
45

paper-idesolverxx

Supplementary website for the paper "Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications"
HTML
1
star