GAPS: Guiding Dynamic Android Analysis with Static Path Synthesis

Dynamically resolving method reachability in Android applications remains a critical and largely unsolved problem. Despite notable advancements in GUI testing and static call graph construction, current tools are insufficient for reliably driving execution toward specific target methods, especial...

EUVD-2021-19525

Malware in sbrugna...

CVE-2021-32754

FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity XXE vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...

CVE-2021-32754

FlowDroid is a data flow analysis tool. CVE-2021-32754 describes an XML External Entity (XXE) vulnerability in FlowDroid versions prior to 2.9.0, where an attacker who can control the XML-based source/sink definition file could read files from external locations. The vulnerability requires use of...

CVE-2021-32754 Improper Restriction of XML External Entity Reference in de.tud.sse

FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity XXE vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...

Nagios Network Analyzer Self-XSS Vulnerability

Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...

Top 3 Tech Challenges RASP/(ng)WAF Vendors Are Faced With

Here I’d like to share my experience and pain in building L7 data protection solutions which are frequently called WAF/ngWAFs or RASPs. I started to build it back in 2009 from a simple detection logic based on self-adopted heuristics for a CTF competition and then build an entire company on machi...

WAP - Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-site...

Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications

WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher and with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-si...