Griffins are great beasts with amazing strength and wisdom and are commonly up to six feet long. The griffin will guard its golden nest and agates until it dies, so griffins are also called the "Hounds of Zeus." Since griffins have golden nests, they were very tempting to greedy hunters and had to keep a very close eye on their nests [...]
We like the symbolism behind the griffin, as our static and dynamic analysis tools are designed to ultimately protect juicy tidbits of data -- "golden eggs", if you will -- from malicious hackers.
The goal of the Griffin Software Security Project is to improve the security of Web applications through static and dynamic analysis. Today's Web applications may suffer from a variety of vulnerabilities, including SQL injections, cross-site scripting, HTTP splitting, path traversal, and a host of other flaws.
A number of recently discovered security vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks are caused by programming errors in Web-based applications. These vulnerabilities can lead to unauthorized data access by malicious users, loss of sensitive data, and application crashes. There is a wealth of information available on the Web about these vulnerabilities. We recommend the following two resources: OWASP and the Web Application Security Consortium.
The Griffin project proposes a combination of static and dynamic analysis techniques that detects all these and other vulnerabilities in Java applications.
The advantage of the static analysis approach described in our USENIX paper is that it finds all potential vulnerabilities at compile time without running the application. The advantage of the dynamic approach described in our OOPSLA paper is that it can prevent vulnerabilities from even happening at runtime.