<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Sast on Shivasurya</title><link>http://shivasurya.me/categories/sast/</link><description>Recent content in Sast on Shivasurya</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 03 Oct 2025 00:00:00 +0000</lastBuildDate><atom:link href="http://shivasurya.me/categories/sast/feed.xml" rel="self" type="application/rss+xml"/><item><title>Claude Code for Security Analysis: Introducing SecureFlow CLI to Hunt Security Vulnerabilities</title><link>http://shivasurya.me/2025/10/03/introducing-secureflow-cli-to-hunt-vulnerabilities-claude-code-for-security-analysis/</link><pubDate>Fri, 03 Oct 2025 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2025/10/03/introducing-secureflow-cli-to-hunt-vulnerabilities-claude-code-for-security-analysis/</guid><description>&lt;h2 id="ai-powered-security-vulnerability-hunting-at-scale">AI-Powered Security Vulnerability Hunting at Scale&lt;/h2>
&lt;p>SecureFlow CLI is an open-source agentic SAST security tool that uses AI-powered loops to autonomously hunt for vulnerabilities in codebases. Built on the same principles as Cline/Cursor/Windsurf/Claude-Code for Security Analysis, it leverages LLMs and tools to navigate code, gather context, and identify security issues.&lt;/p>
&lt;h3 id="example-wordpress-plugin-scanning-results">Example: WordPress Plugin Scanning Results&lt;/h3>
&lt;p>The WordPress plugin ecosystem is often overlooked for security scanning despite serving millions of users. Scanning 600+ WordPress plugins with SecureFlow yielded impressive results:&lt;/p></description></item><item><title>CodeQL: Eindhoven Quantifier Notation</title><link>http://shivasurya.me/2024/09/10/codeql-eindhoven-quantifier-notation/</link><pubDate>Tue, 10 Sep 2024 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2024/09/10/codeql-eindhoven-quantifier-notation/</guid><description>&lt;h3 id="introduction">Introduction&lt;/h3>
&lt;p>Recently, I have been thinking about aggregate functionality design for &lt;a href="https://codepathfinder.dev/">Code PathFinder&lt;/a>, an &lt;a href="https://github.com/shivasurya/code-pathfinder">open-source alternative to GitHub CodeQL&lt;/a>. SQL aggregate functions such as &lt;code>SUM&lt;/code>, &lt;code>AVG&lt;/code>, &lt;code>MIN&lt;/code>, &lt;code>MAX&lt;/code> are combined with &lt;code>WHERE&lt;/code> and &lt;code>GROUP BY&lt;/code> to generate aggregate queries. However, I was wondering if there is a way to generate aggregate queries without using &lt;code>WHERE&lt;/code> and &lt;code>GROUP BY&lt;/code>. While going through the &lt;a href="https://codeql.github.com/publications/ql-for-source-code-analysis.pdf">CodeQL design research paper&lt;/a>, I came across Eindhoven Quantifier Notation, which is quite interesting, easy to understand and can be used to generate aggregate queries. This blog post will discuss the Eindhoven Quantifier Notation adopted by CodeQL.&lt;/p></description></item><item><title>Sherlock: Automate security code reviews with Cody AI</title><link>http://shivasurya.me/2024/06/27/automate-security-code-reviews-with-cody-ai/</link><pubDate>Thu, 27 Jun 2024 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2024/06/27/automate-security-code-reviews-with-cody-ai/</guid><description>&lt;h3 id="intro">Intro&lt;/h3>
&lt;h3 id="need-for-semi-autonomous-security-code-reviews">Need for semi-autonomous security code reviews&lt;/h3>
&lt;p>My job as a security engineer (application security context) is to read source code and perform security reviews. Most of the time, this mainly means correlating the source code with frameworks &amp;amp; libraries, understanding the context where the code executes and enumerating all security risks. While there are a lot of second-generation SAST scanning tools in the market which are good at identifying patterns, eliminating false positives, executing and bringing up results in minutes, I believe,&lt;/p></description></item><item><title>Defining Boundaries &amp; Sinks for Inter-procedural Source Sink Analysis - Part 3</title><link>http://shivasurya.me/2024/03/08/building-inter-procedural-source-sink-analysis-from-scratch-part-3/</link><pubDate>Fri, 08 Mar 2024 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2024/03/08/building-inter-procedural-source-sink-analysis-from-scratch-part-3/</guid><description>&lt;p>This is the third part of the blog post series on building inter-procedural source sink analysis from scratch. In the first part, we built the &lt;a href="https://shivasurya.me/static-analysis/sast/2023/08/27/building-simple-source-sink-analysis-from-scratch-part-1.html">intra-procedural source sink analysis&lt;/a>. In this blog post, I&amp;rsquo;ll discuss defining boundaries, configs and sinks for inter-procedural analysis. ✨ This idea of defining boundaries and sinks is inspired by the &lt;a href="https://codeql.github.com/">CodeQL&lt;/a> library and by discussions with my colleague at &lt;a href="https://www.swag.uwaterloo.ca/">SWAG lab @ uwaterloo&lt;/a>.&lt;/p>
&lt;h3 id="plan">Plan&lt;/h3>
&lt;p>While tools like CodeQL have well-defined support for libraries and frameworks such as &lt;a href="https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/frameworks/android/Android.qll/module.Android.html">Android CodeQL&lt;/a>, these libraries have predefined boundaries and sinks. But, starting from scratch, we need to define our own boundaries and sinks. The boundaries are the entry points and the sinks are the exit points.&lt;/p></description></item><item><title>Building Inter-procedural Source Sink Analysis from Scratch - Part 2</title><link>http://shivasurya.me/2023/09/01/building-inter-procedural-source-sink-analysis-from-scratch-part-2/</link><pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2023/09/01/building-inter-procedural-source-sink-analysis-from-scratch-part-2/</guid><description>&lt;p>This is the second part of the blog post series on building inter-procedural source sink analysis from scratch. In the first part, we built the &lt;a href="https://shivasurya.me/static-analysis/sast/2023/08/27/building-simple-source-sink-analysis-from-scratch-part-1.html">intra-procedural source sink analysis&lt;/a>. In this blog post, we will be building the inter-procedural source sink analysis.&lt;/p>
&lt;h3 id="plan">Plan&lt;/h3>
&lt;p>We&amp;rsquo;ll be parsing the whole Java project source code and generating an AST using JavaParser. While traversing the AST, we will collect the method declarations and method invocations. We will use a graph theory algorithm to find the path from source to sink. The source is the method declaration and the sink is the method invocation. The method declaration is the node and the method invocation is the edge. Since classes may contain duplicate method names with different signatures, we will use the fully qualified method name to uniquely identify the method. The fully qualified method name is the class name + method name + method arguments. The method arguments are used to differentiate overloaded methods. The method declaration is the key and the method invocation is the value in the hashmap. The hashmap is used to build the graph and find the path from source to sink.&lt;/p></description></item><item><title>Building A Simple Source-Sink Analysis in Java from Scratch - Part 1</title><link>http://shivasurya.me/2023/08/27/building-simple-source-sink-analysis-from-scratch-part-1/</link><pubDate>Sun, 27 Aug 2023 00:00:00 +0000</pubDate><guid>http://shivasurya.me/2023/08/27/building-simple-source-sink-analysis-from-scratch-part-1/</guid><description>&lt;h3 id="overview-of-source-sink-analysis">Overview of Source Sink Analysis&lt;/h3>
&lt;p>Source Sink Analysis is a type of basic static analysis that detects the flow of information from a source to a sink. A source is a place where the information is coming from and a sink is a place where the information is going to. For example, a source can be a user input and a sink can be a database query. If the user input is not sanitized, it can lead to SQL Injection. Apart from source sink techniques, there are other techniques like taint analysis, control flow graph, data flow analysis, etc. which are used to detect vulnerabilities in the code. In this blog post, we will be building a simple source sink analysis in Java from scratch.&lt;/p></description></item></channel></rss>