StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL’s of API’s Decryption keys Major […]
static analysis
Graudit v1.9 Download – Grep Source Code Auditing Tool
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications and source code auditing tool sets like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. You […]
Yasca – Multi-Language Static Analysis Toolset
Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source […]
Brakeman – Static Analysis Rails Security Scanner
Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. It […]
OWASP CodeCrawler – Static Code Review Tool
[ad] CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few […]