This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Custom Fortify SCA rules to detect common JSSE certificate validation flaws
Script to test if a server is vulnerable to the JetLeak vulnerability
Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution
Sample Findbugs custom detector for finding potentially insecure Scala code.
This library was co-developed with a leading financial institution in order to build a single solution for Cross-Site Request Forgery (CSRF) prevention that is flexible enough to deploy firm-wide within diverse Java/J2EE web application environments.
ListLock APK contains the demo APK for the "Using Mobile Substrate With Android Applications" blog post
This repository contains slide decks and other materials for talks and research presented at various conferences.
Custom security ruleset for the popular Java static analysis tool PMD.
IronWASP module to test security of SSL services. Ported from http://www.bolet.org/TestSSLServer/