BestHub
Sign in
Tag

Taint Analysis

0 views collected around this technical thread.

vivo Internet Technology
vivo Internet Technology
May 10, 2023 · Information Security

Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework

The Vivo Internet Security Team demonstrates how to extend the Doop static analysis framework with custom Datalog rules to detect the Apache Commons Text CVE‑2022‑42889 remote code execution vulnerability by tracing taint from StringSubstitutor.replace to ScriptEngine.eval, producing source‑sink CSV reports and showcasing Doop’s extensibility for security research.

Apache Commons TextCVE-2022-42889Datalog
0 likes · 14 min read
Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework
Sohu Tech Products
Sohu Tech Products
Apr 12, 2023 · Information Security

Static Taint Analysis for Android Apps: Risks, Theory, and Toolchain

This article explains Android app security risks and introduces static taint analysis, its theoretical foundations, key concepts, and practical tools such as FlowDroid, MobSF, AppShark, and PATDroid for detecting privacy leaks and vulnerabilities.

AndroidFlowDroidMobSF
0 likes · 8 min read
Static Taint Analysis for Android Apps: Risks, Theory, and Toolchain
58 Tech
58 Tech
Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

CodeQLJavaSAST
0 likes · 24 min read
Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning