SoheilKhodayari JAW Versions Save

This release provides the following features:

• Integration with Foxhound for in-browser dynamic taint tracking
• Analysis pipeline for detecting client-side request hijacking vulnerabilities
• Improved SAST engine (call graph, data flow dependencies, pointer analysis)
• Dynamic verification module for data flows based on run-time API instrumentation
• Scripts for processing dynamic taint flows at scale
• Test web application for JAW

This release contains the JAW source code of version 1.1.5, containing:

• core code static analysis engine for JavaScript HPG generation
• dockerized neo4j graph databases
• general data flow, pointer analysis, reachability analysis and pattern matching queries
• support for automated detection or interactive exploration of client-side CSRF vulnerabilities
• CLIs for large-scale HPG imports and querying
• symbolic modeler for modern JavaScript libraries
• JavaScript-enabled crawler based on Selenium

This release contains the JAW source code of version 2.0.4, adding:

• support for DOM Clobbering vulnerabilities, i.e., merged with TheThing.
• improved static analysis engine
• dynamic forced execution component based on Iroh
• new CLI for graph construction and import
• improved neo4j container orchestration
• a new crawler based on Puppeteer and Chrome CDP

This release contains the JAW source code of version 2.0.2, adding:

• support for DOM Clobbering vulnerabilities, i.e., merged with TheThing.
• improved static analysis engine
• dynamic forced execution component based on Iroh
• new CLI for graph construction and import
• improved neo4j container orchestration
• a new crawler based on Puppeteer and Chrome CDP