static analysis

The growing popularity of containerization in cloud environments is accompanied by an increasing number of attacks that leverage obfuscated malware designed to evade detection by static scanners. This paper presents an experimental comparison of two container security tools – Trivy (static analysis) and Tracee (dynamic observation based on eBPF) – in detecting malicious executables hidden in non-standard paths such as /tmp/.

The article focuses on the investigation of security risks in mobile applications developed using various frameworks, including Xamarin, Cordova, React Native, Flutter, and Android Native. The purpose of the study is to identify key vulnerabilities in the code, configurations, and permissions of mobile applications and to assess their criticality depending on the chosen development technology.