Inspiration
Modern apps are complex, and even minor coding mistakes can lead to serious security vulnerabilities. We wanted a way to automatically detect issues and generate actionable tests to help developers secure their code faster.
What it does
Combines static code analysis with LLMs to identify potential security risks in Android apps and automatically generates structured, safe test cases for validation.
How we built it
We used static analysis tools to parse code and detect risky patterns, then leveraged a language model (Mistral) to generate detailed, non-exploit test cases. Results are saved in JSON for easy integration into CI/CD pipelines.
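The static-analysis half of that pipeline, as an added illustration that is not the project's own scanner: a small pattern-based check over a couple of constructed Android source files that emits findings as JSON-ready records for the generation step to consume. The rule set, the file paths, the sample sources and the finding layout are all assumptions made for this example.

```python
"""Added example (not the project's own scanner): a small pattern-based
static check for a few well-known risky Android patterns, emitting findings
as JSON-ready dicts that a later generation step can consume. The rule set,
file names and finding layout are assumptions made for this illustration."""
import json
import re

# Each rule pairs a regex with a developer-facing rationale; the list is
# deliberately short and covers only patterns with well-documented risk.
RULES = [
    ("WEBVIEW_JS_ENABLED", "medium", re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
     "JavaScript is enabled in a WebView; review what content can be loaded into it."),
    ("WEBVIEW_JS_INTERFACE", "high", re.compile(r"\baddJavascriptInterface\("),
     "A Java object is exposed to page script; only safe for fully trusted content."),
    ("EXPORTED_COMPONENT", "medium", re.compile(r'android:exported\s*=\s*"true"'),
     "Component is reachable by other apps; check validation of incoming intents."),
    ("CLEARTEXT_TRAFFIC", "medium", re.compile(r'android:usesCleartextTraffic\s*=\s*"true"'),
     "Plain HTTP is permitted; traffic can be read or altered on the network."),
]

def scan_text(path: str, text: str) -> list[dict]:
    """Run every rule over each line and return structured findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, severity, pattern, rationale in RULES:
            if pattern.search(line):
                findings.append({
                    "rule": rule_id,
                    "severity": severity,
                    "file": path,
                    "line": lineno,
                    "snippet": line.strip(),
                    "rationale": rationale,
                })
    return findings

def scan_project(files: dict[str, str]) -> list[dict]:
    """Scan a mapping of path -> source text; sort so the JSON output is stable across runs."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return sorted(findings, key=lambda f: (f["file"], f["line"], f["rule"]))

# Constructed sample inputs standing in for files pulled from an Android project.
SAMPLE_FILES = {
    "app/src/main/java/com/example/WebActivity.java": """\
WebView wv = findViewById(R.id.web);
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new Bridge(), "Android");
wv.loadUrl(getIntent().getStringExtra("url"));
""",
    "app/src/main/AndroidManifest.xml": """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true">
    <activity android:name=".WebActivity" android:exported="true" />
  </application>
</manifest>
""",
}

if __name__ == "__main__":
    # Emit the findings as JSON, the shape a CI step or a prompt builder would read.
    print(json.dumps(scan_project(SAMPLE_FILES), indent=2))
```

Line-oriented regexes are enough to show the data flow; a real scanner would work on an AST or on the compiled manifest so that multi-line statements and resource-driven attributes are not missed.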
Challenges we ran into
• Handling partial/incomplete LLM outputs due to token limits.
• Converting LLM responses into valid, structured JSON.
• Balancing detailed test cases with safety (no exploit instructions).
Accomplishments that we're proud of
• Successfully combined static analysis with LLM-generated test cases.
• Produced a pipeline that can generate structured test cases automatically from code.
• Ensured all test cases are safe, actionable, and suitable for real-world testing.
What we learned
• LLMs can significantly reduce manual effort in generating security test cases.
• Proper post-processing and validation of AI outputs are critical to maintain JSON integrity.
• Combining AI with traditional static analysis is a powerful approach for automated security testing.
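The post-processing step that both the challenges and the lessons above point at, as an added example that is not the project's own code: take a raw model reply, unwrap any markdown fence, detect a reply that was cut off by a token limit before parsing it, validate the parsed cases against an expected schema, and report a status a CI job can act on. The field names, the fence handling, the truncation heuristic and the sample replies are assumptions made for this illustration.

```python
"""Added example (not the project's own code): turn a raw model reply into
validated, schema-checked JSON test cases and flag replies that were cut off
by a token limit. The field names, the fence handling and the truncation
heuristic are assumptions made for this illustration."""
import json
import re

TICKS = "`" * 3
# A closed markdown fence, optionally tagged "json", around the payload.
FENCE = re.compile(TICKS + r"(?:json)?\s*(.*?)" + TICKS, re.DOTALL)
# Fields every generated test case must carry (assumed schema).
REQUIRED_FIELDS = {"id", "title", "risk", "steps", "expected"}
ALLOWED_RISK = {"low", "medium", "high"}

class IncompleteOutput(Exception):
    """The reply ends before its JSON document is closed (typical of token limits)."""

def extract_json_text(raw: str) -> str:
    """Unwrap a fenced payload; otherwise start at the first bracket."""
    m = FENCE.search(raw)
    if m:
        return m.group(1).strip()
    starts = [i for i in (raw.find("["), raw.find("{")) if i != -1]
    return raw[min(starts):].strip() if starts else raw.strip()

def is_truncated(text: str) -> bool:
    """Cheap structural check: unbalanced brackets or an unterminated string."""
    depth, in_str, esc = 0, False, False
    for ch in text:
        if in_str:
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch in "[{":
            depth += 1
        elif ch in "]}":
            depth -= 1
    return in_str or depth != 0

def parse_test_cases(raw: str) -> list[dict]:
    """Return validated test cases, raising on truncated or malformed replies."""
    text = extract_json_text(raw)
    if is_truncated(text):
        raise IncompleteOutput("JSON is unbalanced; re-request or continue generation")
    data = json.loads(text)  # raises json.JSONDecodeError (a ValueError) on malformed text
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of test cases")
    cases = []
    for n, case in enumerate(data):
        missing = REQUIRED_FIELDS - set(case)
        if missing:
            raise ValueError(f"case {n} missing fields: {sorted(missing)}")
        if case["risk"] not in ALLOWED_RISK:
            raise ValueError(f"case {n} has unknown risk level {case['risk']!r}")
        if not isinstance(case["steps"], list) or not all(isinstance(s, str) for s in case["steps"]):
            raise ValueError(f"case {n}: steps must be a list of strings")
        cases.append({k: case[k] for k in sorted(REQUIRED_FIELDS)})  # drop unexpected keys
    return cases

def process_reply(raw: str) -> dict:
    """Pipeline-facing wrapper: never raises, reports a status for CI consumption."""
    try:
        return {"status": "ok", "cases": parse_test_cases(raw)}
    except IncompleteOutput as e:
        return {"status": "incomplete", "error": str(e)}
    except ValueError as e:
        return {"status": "invalid", "error": str(e)}

# Constructed sample replies (not real model output).
_CASES = [
    {"id": "TC-1", "title": "WebView JavaScript bridge exposure", "risk": "high",
     "steps": ["Locate addJavascriptInterface calls",
               "Confirm only app-bundled content is loaded into that WebView"],
     "expected": "No untrusted URL reaches a WebView that exposes a bridge",
     "notes": "extra key the schema does not define"},
    {"id": "TC-2", "title": "Exported activity intent validation", "risk": "medium",
     "steps": ['List components declared with android:exported="true"',
               "Review validation of intent extras in each one"],
     "expected": "Every exported component validates its inputs before use"},
]
COMPLETE_REPLY = ("Here are the test cases:\n" + TICKS + "json\n"
                  + json.dumps(_CASES, indent=1) + "\n" + TICKS + "\nDone.")
# Cut off mid-object, as a token limit would do.
TRUNCATED_REPLY = COMPLETE_REPLY[: COMPLETE_REPLY.index('"expected": "Every')]

if __name__ == "__main__":
    print(json.dumps(process_reply(COMPLETE_REPLY), indent=2))
    print(json.dumps(process_reply(TRUNCATED_REPLY), indent=2))
```

The truncation check runs before `json.loads` on purpose: a cut-off reply fails to parse anyway, but distinguishing "incomplete" from "invalid" lets the pipeline retry with a smaller chunk or ask for a continuation instead of discarding the whole batch.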
What's next for Static-LLM Vulnerability Test Generator
• Support more programming languages and frameworks.
• Integrate with CI/CD pipelines for automated vulnerability scanning.
• Improve handling of large codebases and partial LLM outputs.
• Add reporting and visualization for easier developer adoption.