Black widow is a new data-driven web application scanner that combines three techniques: navigation modeling, graph traversing, and tracking inter-state dependencies.
We released scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking.
Fidelius is a new architecture with trusted path for user I/O/ and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
Guenther tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.