Sheriff

Static & Dynamic Insights for Robust Software Assurance

The problem Sheriff solves

Our solution is a tool called Sheriff, which can be used for both static and dynamic analysis of code. The tool provides comprehensive insights into the dependencies used and known CVEs. The dynamic analysis part of the tool checks the overall profile of the tool, such as the network calls made, memory safety, and any signatures of RCE, DoS or injection attacks. In general, the tool helps improve the security profile right after the code is written, so that more secure code reaches the deployment stage.

Challenges we ran into

  1. Getting access to the GitHub repositories of the particular user: lots of trial and code fixing.
  2. Deciding the whole architecture of the project: dividing the project into smaller parts and staying within the defined scope of the project.
  3. Getting the common CVE database: through internet surfing and web scraping, we found a legitimate source.

Tracks Applied (1)

Cyber Intelligence

Securing software supply chain and detecting malicious code