...
•Dynamic Program Analysis
•AppVerifier
•Sandbox
•Fuzz Testing
•Threat Model and Attack Surface review
•Penetration Test
| Tool Name | |
|---|---|
| Static analysis | Coverity: |
| Veracode | |
| Helix QAC | |
| CodeSonar | |
| Dynamic analysis | angr |
| KLEE | |
| Valgrind | |
| LLVM/Clang Sanitizers | |
| FlowDroid (Java) | |
| Pen test | Metasploit |
| Autosploit | |
| Armitage | |
| cisco-global-exploiter | |
| OWASP Zed Attack Proxy (ZAP) | |
| Fuzzing test | OSS-Fuzz |
| AFL | |
| SAGE | |
| Vulnerability analysis | Cybellum |
| Veracode | |
| OpenVAS | |
| Wireshark | |
| Nessus Professional | |
| John the Ripper | |
| Stress Test | SlowHTTPTest |
| OVS+TcpReplay |
Release
Incident Response Plan
...