Ansede-static: offline SAST, 98.8% CVE recall, catches IDOR and auth bypass
Ansede-static is a new offline static application security testing (SAST) engine whose README claims 98.8% CVE recall. It targets the bug classes that pattern-matching tools often miss, specifically insecure direct object references (CWE-639) and missing authentication checks on privileged endpoints (CWE-862), rather than only API-misuse signatures such as subprocess(shell=True). It supports five programming languages, ships as a single .exe with no dependencies, and offers incremental scanning and auto-fix. Note that a recall figure is only meaningful against a stated benchmark, and the excerpt does not say which CVE set was used.
- Ansede-static claims a 98.8% CVE recall rate, which the project presents as significantly higher than existing tools.
- It is built to detect authorization and authentication logic bugs such as insecure direct object references (CWE-639) and missing authentication checks (CWE-862), which Bandit and Semgrep OSS do not flag in the README's examples.
- The tool supports five programming languages and offers features such as incremental scanning and auto-fix.
Opening excerpt (first ~120 words):
The world's most precise offline static application security testing engine. Zero dependencies. 98.8% CVE recall. Five languages. Ships as a single .exe.

What makes it different

Existing SAST tools detect subprocess(shell=True). They miss the bugs that actually appear in CVE databases:

```python
# CWE-639 — Insecure Direct Object Reference
# Bandit: silent. Semgrep OSS: silent. ansede-static: CRITICAL
@app.route("/invoice/<invoice_id>")
@login_required
def get_invoice(invoice_id):
    return db.execute("SELECT * FROM invoices WHERE id = ?", (invoice_id,))
    # ^ no WHERE user_id = current_user.id → any user can see any invoice

# CWE-862 — Missing Authentication on admin endpoint
# Bandit: silent. Semgrep OSS: silent.
```
…
The full README is on GitHub.
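To make concrete what detecting these two bug classes involves, here is an added example, written for this page and not taken from Ansede-static or its README, of a small AST-based checker in the spirit of the excerpt. It walks Flask-style route handlers and flags (a) an /admin route with no authentication decorator (CWE-862) and (b) a handler whose path carries an object id and whose SQL filters by id but never scopes the query to an owner column (CWE-639). The sample source, the decorator names in AUTH_DECORATORS, the owner column names in OWNER_COLUMNS and the path-prefix heuristic are all assumptions chosen for illustration; the third handler shows the hardened form of the README's IDOR snippet, with the query scoped to current_user.id.

```python
"""Toy AST checks for CWE-639 (IDOR) and CWE-862 (missing auth on an admin
endpoint). Illustrative heuristics written for this page; not Ansede-static's
rules and not a substitute for a real SAST engine."""
import ast
import re

# Constructed sample source: the first two handlers mirror the vulnerable
# shapes in the README excerpt, the third is the hardened IDOR fix.
SAMPLE = '''
@app.route("/invoice/<invoice_id>")
@login_required
def get_invoice(invoice_id):
    return db.execute("SELECT * FROM invoices WHERE id = ?", (invoice_id,))

@app.route("/admin/users")
def admin_users():
    return db.execute("SELECT * FROM users")

@app.route("/invoice/<invoice_id>")
@login_required
def get_invoice_safe(invoice_id):
    return db.execute(
        "SELECT * FROM invoices WHERE id = ? AND user_id = ?",
        (invoice_id, current_user.id),
    )
'''

AUTH_DECORATORS = {"login_required", "admin_required"}  # assumed decorator names
OWNER_COLUMNS = ("user_id", "owner_id")                 # assumed ownership columns


def _decorator_name(node):
    """Bare name of a decorator node: @login_required -> 'login_required',
    @app.route(...) -> 'route'."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def _route_path(func):
    """First string argument of the @...route(...) decorator, if any."""
    for dec in func.decorator_list:
        if isinstance(dec, ast.Call) and _decorator_name(dec) == "route" and dec.args:
            arg = dec.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                return arg.value
    return None


def _sql_strings(func):
    """String literals in the handler that look like SQL statements."""
    return [
        node.value
        for node in ast.walk(func)
        if isinstance(node, ast.Constant) and isinstance(node.value, str)
        and re.match(r"\s*(select|update|delete|insert)\b", node.value, re.I)
    ]


def scan(source):
    """Return [(handler_name, cwe_id), ...] for every heuristic hit."""
    findings = []
    for func in ast.parse(source).body:
        if not isinstance(func, ast.FunctionDef):
            continue
        path = _route_path(func)
        if path is None:
            continue  # not a route handler
        names = {_decorator_name(d) for d in func.decorator_list}
        # CWE-862: privileged route prefix, but no auth decorator at all.
        if path.startswith("/admin") and not names & AUTH_DECORATORS:
            findings.append((func.name, "CWE-862"))
        # CWE-639: path carries an object id (e.g. <invoice_id>) and a query
        # filters rows (has WHERE) without also scoping to an owner column.
        path_params = re.findall(r"<(?:\w+:)?(\w+)>", path)
        takes_id = any(p.split("_")[-1] == "id" for p in path_params)
        for sql in _sql_strings(func):
            lowered = sql.lower()
            if takes_id and "where" in lowered \
                    and not any(col in lowered for col in OWNER_COLUMNS):
                findings.append((func.name, "CWE-639"))
    return findings


if __name__ == "__main__":
    for name, cwe in scan(SAMPLE):
        print(f"{cwe}: {name}")
```

Run stand-alone it reports get_invoice as CWE-639 and admin_users as CWE-862, and stays silent on get_invoice_safe because the query carries a user_id predicate. The point of the toy is the shape of the problem: neither finding is a dangerous API call, so a checker has to reason about route metadata, decorators and the structure of the query together, which is why signature-based tools stay silent on exactly these cases.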