Mariana Trench, Facebook's open source code analysis tool
2022-06-24 17:50:00 【Software test network】
Facebook's security team announced a new open source project to the open source community this week: Mariana Trench, a tool for identifying vulnerabilities in Android and Java applications. Facebook had previously used it internally.

This application-security-focused tool can analyze large code bases of tens of millions of lines, helping developers find vulnerabilities before they land in the code and significantly reducing the risk of shipping security and privacy bugs.
According to Facebook, after internal engineers began using Mariana Trench, it found more than 50% of the security vulnerabilities across all of the company's applications.
How Mariana Trench works:
Mariana Trench works by analyzing the flow of information from "sources" (sensitive user data, such as passwords or geographic location) to "sinks" (functions or methods that use the source data). Mariana Trench is specifically designed to detect such flows automatically; in most cases, these problems can lead to serious privacy and security vulnerabilities.
Facebook explains in the tool's documentation: "By default, Mariana Trench can analyze Dalvik bytecode, so it works whether or not you have access to the source code."
Developers can also adjust and train it by adding new rules and model generators, concentrating on areas where sensitive data should not appear, in order to focus on specific security and privacy issues.
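The source-to-sink idea and the role of rules described above, as an added toy example in Python. It is not part of the original article and is not Mariana Trench code: the method names, kinds and rules are constructed, and the straight-line tracking is a simplification of a real interprocedural analysis.

```python
# Toy source-to-sink taint tracker (illustration only; not Mariana Trench code).
# Every method name, kind and rule below is constructed for this example.
SOURCES = {"getPassword": "Password", "getLastLocation": "Location"}  # method -> source kind
SINKS = {"Log.d": "Logging", "sendHttp": "Network"}                   # method -> sink kind
PROPAGATES = {"concat", "toString"}   # return value carries the taint of the arguments

# A rule states which source kinds must never reach which sink kinds.
RULES = [
    {"name": "Sensitive data logged",
     "sources": {"Password", "Location"}, "sinks": {"Logging"}},
    {"name": "Password sent over network",
     "sources": {"Password"}, "sinks": {"Network"}},
]

# Constructed program: (target variable or None, called method, argument variables)
PROGRAM = [
    ("pw", "getPassword", []),
    ("loc", "getLastLocation", []),
    ("msg", "concat", ["prefix", "pw"]),
    ("digest", "hash", ["pw"]),
    (None, "Log.d", ["msg"]),         # Password reaches Logging: reported
    (None, "sendHttp", ["digest"]),   # hash() output is treated as clean
    (None, "sendHttp", ["loc"]),      # Location to Network: no rule covers it
]

def find_flows(program, rules=RULES):
    """Return (step, rule name, source kind, sink method) for each rule violation."""
    taint = {}    # variable -> set of source kinds it may carry
    issues = []
    for step, (target, method, args) in enumerate(program, start=1):
        incoming = set().union(*(taint.get(a, set()) for a in args))
        if method in SINKS:
            for rule in rules:
                if SINKS[method] in rule["sinks"]:
                    for kind in sorted(incoming & rule["sources"]):
                        issues.append((step, rule["name"], kind, method))
        if target is None:
            continue
        if method in SOURCES:
            taint[target] = {SOURCES[method]}
        elif method in PROPAGATES:
            taint[target] = incoming
        else:
            # Simplifying assumption: any other call (e.g. hash) returns clean data.
            taint[target] = set()
    return issues

if __name__ == "__main__":
    for issue in find_flows(PROGRAM):
        print(issue)
```

Adding or removing entries in `RULES` changes which flows are reported without touching the tracker, which is the kind of tuning the paragraph above describes.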
Mariana Trench is the third code analysis tool Facebook has disclosed, after Zoncolan, published in 2019, and Pysa, published in 2021. Although Mariana Trench works much like Zoncolan and Pysa, the three target different fields: Zoncolan and Pysa are used to detect and prevent security issues in Hack and Python code, while Mariana Trench is mainly aimed at Android and Java.
Facebook has now hosted the project on GitHub, and interested developers can click the link to learn more. To help developers use the tool, Facebook has also released a tutorial on the official website.
This article is from OSCHINA
Article title: Facebook's open source code analysis tool: Mariana Trench
Article address: https://www.oschina.net/news/162572/facebook-open-sources-mariana-trench