Security Tools

Tools developed by Debasis Mohanty for security assessment, penetration testing, and secure development.

Code ReviewAug 2022Introduces multiple world-first capabilities (2022)

Daksh SCRA - Source Code Review Assist

A source code review assistance tool that enhances efficiency by identifying areas of interest in source code and file paths, performing software-level reconnaissance, and providing automated scientific effort estimation for code reviews.

More details

Debuted at Black Hat USA 2022 and publicly launched at Black Hat USA 2023. Introduces multiple world-first capabilities including file path-based area of interest identification and automated scientific effort estimation for code reviews. Also features framework-aware scanning, taint analysis reports, RDL for external rule logic, scan state and resume, suppression baselines, and a Web UI for real-time scan management.

Risk AssessmentJan 2020Industry first at the time of release (2020)
Retired

KaitiScope - Cyber Insurance Risk Assessment

A comprehensive cyber risk assessment tool for cyber insurance. Evaluates organisation security posture across external/internal infrastructure, data handling, threat profiling, and generates policy coverage impact analysis with loss scenarios.

More details

Originally developed in early 2020 for insurance providers and underwriters. Combines advanced threat profiling with a structured risk assessment workflow across organisation profiling, attack surface analysis, and policy coverage impact.

Updated online version availableTry Online
AssessmentMay 2010Industry first at the time of release (2010)
Retired

Smart Application Security Score Card

A decision-making tool for application/product owners to determine essential security assessments. Helps prioritise and assign scores for recommended assessments like Design Review, Code Review, Penetration Testing, and Post-Release Review.

More details

Whilst ideally every application should undergo the full set of security assessments, not every product requires the same assessment depth. This tool helps stakeholders determine essential assessment types when budget or delivery constraints exist.

Updated online version availableTry Online
EstimationJan 2009Industry first at the time of release (2009)
Retired

TA-Mapper (Pentest Effort Estimator)

Industry's first scientific effort estimation tool for application penetration testing. Takes a scientific approach towards calculating efforts with greater accuracy, replacing subjective estimation methods.

More details

Originally written in 2004 and released publicly in 2009, TA-Mapper was built to replace subjective pentest effort estimates with a more defensible and scientific method.

Updated online version availableTry Online
RecoverySep 2008
Retired

SwordFish - MS Access Password Recovery

Microsoft Access password recovery tool for MS Access 97/2003. Originally tested on Windows XP/2000.

More details

Support for this tool has been discontinued.

GuideSep 2005Industry first at the time of release (2005)
Retired

Static Code Analysis Tools - Pilot Guide

A comprehensive QFD-based evaluation framework for selecting and comparing static code analysis tools. Evaluate tools across vulnerability detection, features, language support, pricing, and vendor capabilities with weighted scoring.

More details

Originally developed as part of a software security engineering framework. Provides a scientific, weighted method for comparing static analysis tools across vulnerability coverage, features, language support, pricing, and vendor maturity.

Updated online version availableTry Online