static-analysis

3 articles
0 8/10

Atredis researchers automated Java deserialization gadget-chain discovery by pairing LLM-driven exploration with static call-graph analysis, finding novel chains against WildFly and other application servers. The pipeline builds call graphs with WALA, uses dynamic bytecode analysis to find type-confusion opportunities, and drives Claude Code to iteratively explore and validate candidate chains through a REST API query interface.

ysoserial, GadgetInspector, Claude Code, T.J. Watson Libraries for Analysis (WALA), CFR, Java, ASM, FastAPI, SQLite, WildFly, WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, Foxglove Security
atredis.com · Stephen Breen · 6 hours ago
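The core of the static half of that pipeline is a reachability search from deserialization-time entry points to dangerous sinks over a call graph. The example below is an added illustration, not code from the Atredis article or from GadgetInspector/WALA: the call graph, the `com.example.*` classes and the `OVERRIDES` table are all constructed by hand so it runs offline, and it models the one detail that makes static gadget search noisy, namely that a virtual call such as `Object.hashCode()` must be expanded to every concrete override on the classpath, which over-approximates and is why the article's authors validate candidates dynamically.

```python
"""Toy gadget-chain search over a Java call graph (added example, not the
article's tooling). Real tools derive the graph from bytecode with WALA or
ASM; here it is a hard-coded dict of caller -> callees."""
from collections import deque

# Sinks where attacker-controlled data becomes code or arbitrary reflection.
SINKS = {
    "java.lang.Runtime.exec",
    "java.lang.reflect.Method.invoke",
    "java.lang.Class.forName",
}

# Constructed call graph. Virtual calls appear as the declaring type's method
# (e.g. java.lang.Object.hashCode) and are resolved through OVERRIDES below.
# All com.example.* names are hypothetical.
CALL_GRAPH = {
    "java.util.HashMap.readObject": {"java.util.HashMap.hash"},
    "java.util.HashMap.hash": {"java.lang.Object.hashCode"},  # virtual call on key
    "com.example.Node.hashCode": {"com.example.Node.toString"},
    "com.example.Node.toString": {"com.example.Invoker.call"},
    "com.example.Invoker.call": {"java.lang.reflect.Method.invoke"},
    "com.example.Plain.hashCode": {"java.util.Objects.hash"},
    "com.example.Loader.readObject": {"com.example.Loader.resolve"},
    "com.example.Loader.resolve": {"java.lang.Class.forName"},
    "com.example.Safe.readObject": {"com.example.Safe.validate"},
    "com.example.Safe.validate": {"java.util.Objects.requireNonNull"},
}

# Concrete overrides reachable through a virtual call. A real analysis would
# populate this from the classpath and keep only Serializable types.
OVERRIDES = {
    "java.lang.Object.hashCode": {
        "com.example.Node.hashCode",
        "com.example.Plain.hashCode",
    },
}


def entry_points(graph):
    """Roots the JVM invokes during deserialization: every readObject."""
    return sorted(m for m in graph if m.endswith(".readObject"))


def callees(graph, overrides, method):
    """Static callees of `method`, with virtual calls expanded to all overrides.

    This expansion is the source of false positives: every override is treated
    as reachable even if no serializable instance of that type could be the key.
    """
    targets = set()
    for callee in graph.get(method, ()):
        targets |= overrides.get(callee, {callee})
    return targets


def find_chains(graph, overrides, sinks, max_depth=8):
    """BFS from each readObject root; return every acyclic path ending in a sink."""
    chains = []
    for root in entry_points(graph):
        queue = deque([[root]])
        while queue:
            path = queue.popleft()
            if len(path) > max_depth:
                continue
            for nxt in sorted(callees(graph, overrides, path[-1])):
                if nxt in path:  # skip cycles
                    continue
                new_path = path + [nxt]
                if nxt in sinks:
                    chains.append(new_path)
                else:
                    queue.append(new_path)
    return chains


def format_chain(chain):
    return " -> ".join(chain)


if __name__ == "__main__":
    for chain in find_chains(CALL_GRAPH, OVERRIDES, SINKS):
        print(format_chain(chain))
```

Running it reports two candidate chains (a direct `Loader.readObject -> Class.forName` and the HashMap-keyed path through `Node.hashCode` to `Method.invoke`) and nothing through `Safe`; the `Plain.hashCode` branch is explored only because of override expansion and dies at a harmless callee. Lowering `max_depth` is the usual knob for taming blow-up in real graphs, at the cost of missing long chains.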
0 5/10

Part 2 of a security benchmark study comparing LLM-based security scanners (Neo, Claude Code) against traditional SAST/DAST tools on AI-generated code, finding that Neo detects more true positives with fewer false positives by validating findings against running applications.

ProjectDiscovery, Neo, Claude Code
projectdiscovery.io · projectdiscovery · 1 day ago
0 2/10

Analysis of Claude's security scanning capabilities and its limitations in detecting vulnerabilities, with discussion of market implications for existing SaaS security vendors.

Claude, Anthropic, Cobalt
cobalt.io · Willa Riggins · 2 days ago