Scienceware

JAW (JavaScript Framework Analysis)
JAW is a hybrid, scalable framework to analyze client-side JavaScript programs for the detection of client-side CSRF vulnerabilities. JAW can be used to conduct interactive and exploratory analysis of JavaScript code.
PDF Code
JAW (JavaScript Framework Analysis)
Black Widow
Black widow is a new data-driven web application scanner that combines three techniques: navigation modeling, graph traversing, and tracking inter-state dependencies.
PDF Code Video
Black Widow
Ad-Versarial
We released scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking.
PDF Code Video
Ad-Versarial
Fidelius
Fidelius is a new architecture with trusted path for user I/O/ and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
PDF Code Video
Fidelius
Deemon
Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
PDF Code
Deemon
Günter
Günter tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.
PDF Code
Günter
jÄk (yet Änother krawler, ja!)
jÄk [jAEk] is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registratio to explore the attack surface of web applications.
PDF Code
jÄk (yet Änother krawler, ja!)