Tagged articles
5 articles
AntTech
Apr 7, 2026 · Information Security

How YASA Enables Scalable Multi‑Language Taint Analysis with a Unified AST

The article introduces YASA, a unified multi‑language static taint analysis framework built on a novel Unified Abstract Syntax Tree (UAST), explains its design, core components, open‑source releases, and benchmark results that demonstrate superior coverage, precision, and performance over existing single‑ and multi‑language tools.

Multi-language · Software Security · UAST
9 min read
vivo Internet Technology
May 10, 2023 · Information Security

Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework

The Vivo Internet Security Team demonstrates how to extend the Doop static analysis framework with custom Datalog rules to detect the Apache Commons Text CVE‑2022‑42889 remote code execution vulnerability by tracing taint from StringSubstitutor.replace to ScriptEngine.eval, producing source‑sink CSV reports and showcasing Doop’s extensibility for security research.

Apache Commons Text · CVE-2022-42889 · Datalog
14 min read
58 Tech
Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

AST · CodeQL · SAST
24 min read