
secdec / astam-correlator

Licence: MPL-2.0
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Programming Languages

java
68154 projects - #9 most used programming language
javascript
184084 projects - #8 most used programming language
C#
18002 projects
CSS
56736 projects
ruby
36898 projects - #4 most used programming language
PHP
23972 projects - #3 most used programming language

Projects that are alternatives of or similar to astam-correlator

attack-surface-detector-zap
The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 52 (+136.36%)
Mutual labels:  vulnerability, dast
cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (+50%)
Mutual labels:  sast, dast
Adapt
ADAPT is a tool that performs automated Penetration Testing for WebApps.
Stars: ✭ 179 (+713.64%)
Mutual labels:  vulnerability
Awsome Security Write Ups And Pocs
Awesome Writeups and POCs
Stars: ✭ 246 (+1018.18%)
Mutual labels:  vulnerability
Exphub
Exphub [exploit script library] includes exploit scripts for WebLogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; recently added CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Stars: ✭ 3,056 (+13790.91%)
Mutual labels:  vulnerability
Dvhma
Damn Vulnerable Hybrid Mobile App (DVHMA) is a hybrid mobile app (for Android) that intentionally contains vulnerabilities.
Stars: ✭ 180 (+718.18%)
Mutual labels:  vulnerability
Php7 Opcache Override
Security-related PHP7 OPcache abuse tools and demo
Stars: ✭ 237 (+977.27%)
Mutual labels:  vulnerability
Cve Check Tool
Original Automated CVE Checking Tool
Stars: ✭ 172 (+681.82%)
Mutual labels:  vulnerability
gvm-tools
Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance
Stars: ✭ 143 (+550%)
Mutual labels:  vulnerability
Pub
Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (+886.36%)
Mutual labels:  vulnerability
Ary
Ary is an integration tool, mainly used to invoke various security tools so as to provide convenient one-click penetration testing.
Stars: ✭ 241 (+995.45%)
Mutual labels:  vulnerability
Gemsurance
Gem vulnerability checker using rubysec/ruby-advisory-db
Stars: ✭ 207 (+840.91%)
Mutual labels:  vulnerability
Howtohunt
Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+13518.18%)
Mutual labels:  vulnerability
Killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (+977.27%)
Mutual labels:  vulnerability
Avpwn
List of real-world threats against endpoint protection software
Stars: ✭ 179 (+713.64%)
Mutual labels:  vulnerability
Droid Application Fuzz Framework
Android application fuzzing framework with fuzzers and crash monitor.
Stars: ✭ 248 (+1027.27%)
Mutual labels:  vulnerability
Godnslog
An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
Stars: ✭ 172 (+681.82%)
Mutual labels:  vulnerability
Vulnfanatic
A Binary Ninja plugin for vulnerability research.
Stars: ✭ 203 (+822.73%)
Mutual labels:  vulnerability
Fuzzit
CLI to integrate continuous fuzzing with Fuzzit
Stars: ✭ 220 (+900%)
Mutual labels:  vulnerability
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (+136.36%)
Mutual labels:  vulnerability

ASTAM Correlator

The ASTAM Correlator is a vulnerability consolidation and management tool for web applications, capable of correlating and merging findings from different static and dynamic scans that indicate the same vulnerability. This improves scan results by combining findings that are symptoms of the same weakness, providing:

  • More information on a vulnerability as a whole
  • Reduced duplicate vulnerabilities from multiple SAST/DAST scans
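The following is an added illustration of the correlation idea, not ASTAM Correlator or ThreadFix code: routes are detected from a constructed Spring MVC controller snippet, a static finding (file and line) is attributed to the nearest enclosing route, and findings that land on the same URL with the same CWE are merged into one weakness. The controller source, finding fields and the "nearest route above the line" rule are assumptions made for the demo.

```java
import java.util.*;
import java.util.regex.*;

public class CorrelationDemo {
    record Route(String url, String file, int line) {}
    record Finding(String scanner, String cwe, String file, int line, String url, String param) {}
    // Constructed Spring MVC controller source (assumption: one @RequestMapping per handler).
    static final String CONTROLLER_SRC = """
        @RequestMapping("/login")
        public String login(@RequestParam("user") String user) { return render(user); }
        @RequestMapping("/search")
        public String search(@RequestParam("q") String q) { return render(q); }
        """;
    static final Pattern ROUTE = Pattern.compile("@RequestMapping\\(\"([^\"]+)\"\\)");
    // Route detection: every @RequestMapping line yields a URL anchored at file:line.
    static List<Route> detectRoutes(String file, String src) {
        List<Route> routes = new ArrayList<>();
        String[] lines = src.split("\n");
        for (int i = 0; i < lines.length; i++) {
            Matcher m = ROUTE.matcher(lines[i]);
            if (m.find()) routes.add(new Route(m.group(1), file, i + 1));
        }
        return routes;
    }
    // A static finding is attributed to the nearest route declared at or above its line
    // in the same file; a dynamic finding already carries its URL.
    static String urlFor(Finding f, List<Route> routes) {
        if (f.url() != null) return f.url();
        return routes.stream()
            .filter(r -> r.file().equals(f.file()) && r.line() <= f.line())
            .max(Comparator.comparingInt(Route::line))
            .map(Route::url).orElse("(unmapped)");
    }
    // Findings that land on the same URL with the same CWE are symptoms of one weakness.
    static Map<String, List<Finding>> correlate(List<Finding> findings, List<Route> routes) {
        Map<String, List<Finding>> merged = new TreeMap<>();
        for (Finding f : findings)
            merged.computeIfAbsent(urlFor(f, routes) + " " + f.cwe(), k -> new ArrayList<>()).add(f);
        return merged;
    }
    public static void main(String[] args) {
        List<Route> routes = detectRoutes("LoginController.java", CONTROLLER_SRC);
        // Constructed findings: one SAST hit inside the /login handler, two DAST hits.
        List<Finding> findings = Arrays.asList(
            new Finding("SAST", "CWE-79", "LoginController.java", 2, null, "user"),
            new Finding("DAST", "CWE-79", null, 0, "/login", "user"),
            new Finding("DAST", "CWE-89", null, 0, "/search", "q"));
        correlate(findings, routes).forEach((k, v) -> System.out.println(k + " -> " + v.size() + " finding(s)"));
    }
}
```

The SAST and DAST CWE-79 findings collapse into a single "/login CWE-79" entry while the "/search CWE-89" finding stays separate, which is the deduplication the two bullets above describe.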

Supported Web Frameworks

The following frameworks are supported by the Correlator route detection process:

  • ASP.NET MVC / Web API / Core / Web Forms
  • Struts
  • Django
  • Ruby on Rails
  • Spring MVC
  • JSP

Referencing the Endpoint Detection HAM Module

The ASTAM Correlator HAM module for endpoint detection has been published to Maven. You can add it as a dependency by adding this to your pom.xml:

<dependency>
    <groupId>com.github.secdec.astam-correlator</groupId>
    <artifactId>threadfix-entities</artifactId>
    <version>1.3.8</version>
</dependency>
<dependency>
    <groupId>com.github.secdec.astam-correlator</groupId>
    <artifactId>threadfix-ham</artifactId>
    <version>1.3.8</version>
</dependency>

Documentation

Instructions for the usage and installation of the ASTAM Correlator can be found in this project's Wiki.

Contributors

This project is a modification of Denim Group's software ThreadFix, Community Edition, which provides the Hybrid Analysis Mapping (HAM) that runs the correlation. A collaboration between Denim Group Ltd. and Secure Decisions, a division of Applied Visions Inc., has improved upon the open-source ThreadFix tool with a focused interface and improved HAM capabilities.

The original ThreadFix project can be found here: https://github.com/denimgroup/threadfix


This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600058C.
