tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here . If you don't want to go through the trouble of setting this up you can just use the tool at https://thehackerblog.com/tarnish/ . Unpolished Notice & Notes It should be noted that this is an un-polished release. This is the same source as the deployment located at https://thehackerblog.com/tarnish/ . In the future I may clean this up and make it much easier to run but I don't have time right now. To set this up you'll need to understand how to: Configure an S3 bucket (if using auto-scaling) Set up ElasticBeanstalk Use docker-compose Set up redis The set up is a little complex due to a few design goals: Effectively perform static against Chrome extensions Automatically scale up to increased workload with more instances and scale down. Work on a shoestring budget (thus the use of ElasticBeanstalk with Spot Instances). Some quick notes to help someone attempting to set this up: tarnish makes use of Python Celery for analysis of extensions. The Python Celery config uses redis as a broker (this will have to be created). The workers which process extension analysis jobs run on AWS ElasticBeanstalk spot instances. For those unfamiliar, spot instances are basically…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-10-06 16:40:002019-10-06 16:40:00Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org