This article presents a thorough mobile app penetration‑testing guide covering objectives, scope, testing methods, step‑by‑step workflow, recommended tools, reporting structure, and remediation advice to help developers and security professionals secure their applications.
Cursor 2.2 introduces a new Debug Mode that automates the full bug‑fix workflow—hypothesis, instrumentation, reproduction, analysis, and verification—bringing runtime awareness to AI coding assistants and overcoming the hallucination and “ghost bug” problems of previous static‑analysis tools.
Fuzz testing injects massive amounts of random or semi‑random inputs into applications to expose crashes, logic errors, and security flaws, and the article explains its principles, the types of defects it uncovers, real‑world practices at Google Chrome, and step‑by‑step Java integration using CI Fuzz and JUnit.
This article compares the traditional Xposed‑based dynamic privacy checker with a new Gradle‑plugin instrumentation approach, explains the design and implementation of the Transform API‑driven solution, shows performance metrics, provides usage instructions, and outlines automated testing and future improvements for Android apps.
This article details how a microservice‑based backend team designed and implemented a code‑analysis platform that creates a knowledge base, enables precise test selection and application slimming, and ultimately accelerates demand iteration while reducing dead code and unnecessary test runs.
This article explores why Android apps are increasingly linked in AI‑driven security assessments, examines academic papers on feature extraction, compares static and dynamic obfuscation techniques, reviews industry protection solutions, and proposes a plug‑in‑based dynamic obfuscation framework that maximizes feature dispersion while preserving app functionality.
This article explains how to use static analysis tools like IDEA and PMD together with dynamic coverage tools such as JaCoCo to identify, clean up, and refactor unused, duplicated, or dead Java code in large backend projects, improving maintainability and stability.
This article explains the fundamentals of code visualization, why it is needed, presents several real‑world scenarios, and details both static (source‑based and bytecode‑based) and dynamic analysis techniques for generating call graphs, along with their advantages, disadvantages, tools, and case studies.
This article describes how to construct a code‑analysis platform for Java micro‑services that builds a knowledge base through static, semi‑dynamic and dynamic analysis, enabling precise test‑case selection and safe removal of dead code to improve iteration efficiency and system maintainability.
The article details Baidu’s iOS bundle‑size reduction strategy by converting PNG/JPG assets to HEIC using macOS tools or ImageMagick, storing them in Asset Catalogs for iOS 10+ compatibility, handling alpha‑channel quirks, and employing combined static‑link‑map and runtime class‑initialization analysis to safely prune unused Objective‑C classes.
This article introduces code‑level quality technology, outlining its background, a two‑layer architecture for code comprehension and instrumentation, key techniques such as static and dynamic analysis, coverage metrics, intelligent unit testing, rule‑based scanning, and orphan function detection, while previewing deeper future explorations.
Precise testing technology uses static code scanning and dynamic tracing to build a Neo4j call‑graph, automatically recommends test scopes and cases via diff analysis and weighted relationships—including call‑count, module, text similarity, and GCN—thereby improving test adequacy, cutting regression cycles, and dramatically reducing test execution time.
This article compiles a thorough list of Android security testing resources, covering online analysis platforms, static and dynamic analysis utilities, vulnerability scanners, reverse‑engineering tools, fuzzers, app‑repackaging detectors, market crawlers, miscellaneous aids, and references to academic publications and bug‑bounty programs.
This article presents the background, industry challenges, design principles, architecture, core capabilities, and implementation details of JD Tech's privacy compliance detection system for mobile applications, highlighting both static and dynamic analysis techniques to identify and remediate personal data risks.
This comprehensive guide explains why code auditing is essential for modern enterprises, compares enterprise and white‑hat audits, outlines a seven‑step methodology, and reviews both open‑source and commercial SAST tools with practical case studies across PHP, Node.js, Python, and Go.
The article describes a precise impact‑testing tool for distributed Java services that detects code changes through AST diffs, combines static bytecode analysis with a java‑agent‑based dynamic tracer, aggregates cross‑service call graphs via tracing (or SkyWalking), and presents affected interfaces and call‑chains, while noting limitations such as polymorphism handling, performance overhead, and Java‑only support.
This article details the practical implementation of a dynamic web crawler for vulnerability scanning, covering Chrome headless setup, browser initialization, JavaScript hook injection for DOM events, navigation locking, form handling, link collection, deduplication, and task scheduling using pyppeteer.
This article explains why security detection needs automation, compares static and dynamic analysis, and details an image‑recognition‑based pipeline—including grayscale conversion, edge detection, contour extraction, and OCR—to automatically identify risky app pop‑up warnings.
This article explains iOS memory performance testing by covering static analysis via Xcode's Analyze feature and dynamic analysis tools such as Leaks, Activity Monitor, Allocations, and Zombies, illustrating how to detect memory leaks, unreasonable memory usage, and EXC_BAD_ACCESS errors with practical examples and step‑by‑step guidance.
Security testing, performed from near completion to release, verifies that software meets security requirements and quality standards by identifying common vulnerabilities such as DLL hijacking, ASLR/DEP misuse, and heap overflows, and employs static scanning and dynamic testing methods to detect and remediate these issues.
The article explains two simple yet effective sandbox‑evasion techniques used by a new Upatre Trojan variant—checking system uptime via GetTickCount and monitoring mouse movement—to bypass dynamic analysis environments and remain undetected by antivirus scanners.
