Facebook open-sources tool to find Android app security flaws
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.
"A flow from sources to sinks indicates that, for example, user passwords may get logged into a file, which is not desirable and is called an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.
It's open source and designed to detect and prevent security bugs in #Android and #Java applications, more here: https://t.
(Facebook Security, September 29, 2021)
Third code analysis tool open-sourced since 2019.
The Mariana Trench code analysis tool is available on GitHub and on its own dedicated website, with a binary distribution on PyPI and a short tutorial to help you get started.
"While server-side code can be updated almost instantaneously for web apps, mitigating a security bug in an Android application relies on each user updating the application on the device they own in a timely way."