Collaborate Disseminate
The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and p… Continue reading MobSF: Open-source security research platform for mobile apps
RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level o… Continue reading RiskInDroid: Open-source risk analysis of Android apps
In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis a… Continue reading What does optimal software security analysis look like?
Deep code analysis designed for developers and focused on code quality is here.
When you have an awesome new product aimed at helping developers catch and fix code quality issues during code review, it’s hard not to get excited. Then, combine that… Continue reading 3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift
What’s your average success rate of getting a SQL statement right on the first try? In best case, you botched a simple statement without side effects and just have to try again with correct syntax or remove that typo from a table name, but things can easily go wrong fast …read more
Continue reading Get Your SQL Statements Right the First Time With SQL Lint
Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn’t. H… Continue reading Facebook open-sources a static analyzer for Python code
The future of business relies on being digital – but all software deployed needs to be secure and protect privacy. Yet, responsible cybersecurity gets in the way of what any company really wants to do: innovate fast, stay ahead of the competition, and … Continue reading Automate manual security, risk, and compliance processes in software development
Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features – or backdoors. About Microsoft Application Inspector “At M… Continue reading Microsoft Application Inspector: Check open source components for unwanted features
Google has removed 17,000 Joker-infested apps from the Play store to date. Continue reading Joker Android Malware Snowballs on Google Play
Let’s be honest, no one likes to see their program crash. It’s a clear sign that something is wrong with our code, and that’s a truth we don’t like to see. We try our best to avoid such a situation, and we’ve seen how compiler warnings and other static code analysis tools can help us to detect and prevent possible flaws in our code, which could otherwise lead to its demise. But what if I told you that crashing your program is actually a great way to improve its overall quality? Now, this obviously sounds a bit counterintuitive, after all …read more
Continue reading Crash your code – Lessons Learned From Debugging Things That Should Never Happen™