The "SecScan" project aims to help small and medium-sized enterprises (SMEs) analyze their existing code for potential vulnerabilities and valuable assets that need protection. Various methods of code analysis are employed, with the goal of keeping the entry barrier for companies as low as possible.

The code analysis involves several steps, including static analysis using specialized tools to identify known vulnerabilities, dynamic analysis during code execution, and manual reviews by developers and security experts. Peer reviews and penetration tests are conducted to identify and close potential vulnerabilities before they can be exploited.

AI is utilized to support the vulnerability identification process by testing various models such as DisilBERT, T5, and RoBERTa. Identifying assets such as personally identifiable information or intellectual property allows vulnerabilities to be addressed based on security needs and lowers the entry barrier for SMEs.

• You can find more information on the Showcase website.

Students:

• Thomas Bucher

• Lisa de Rijke