Schuckert, FelixMeier, MichaelReinhardt, DelphineWendzel, Steffen2017-06-212017-06-212016978-3-88579-650-3This paper describes a framework, which modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was successfully used in a capture the flag event as a challenge.enText/Conference Paper1617-5468