Sound and Precise Analysis of Web Applications for Injection Vulnerabilities
Published in Abid Hussain, Garima Tyagi, Sheng-Lung Peng, IoT and AI Technologies for Sustainable Living, 2023
Chitsutha Soomlek, Krit Kamtuo, Ekkarat Boonchieng
Since each programming language has various ways to respond to a call to external commands and external resources, the best approach to determine if an application has injection vulnerabilities is to analyze its source code to search for all requests to run external commands and calls to external resources. Both static and dynamic code analysis can be employed to identify the security flaws. In addition, code reviews are one of the good practices for a software development team to find potential flaws and improve the software quality; then, further protection steps can be included to prevent undesirable consequences. However, finding injection vulnerabilities through code reviews is not a simple task even for experienced developers. Static code analysis tools play an important role during code reviews to help developers identify bugs, security flaws, code smells, etc. The effectiveness of those static code analysis tools does affect the accuracy of bug and vulnerability detection. Therefore, a sound and precise code analysis approach for detecting injection vulnerabilities is required.
Cybersecurity for the Smart Grid
Published in Stuart Borlase, Smart Grids, 2018
Development should be done using secure coding and development practices. Using a static code analysis tool is essential to develop high-quality and secure code, and it will identify vulnerabilities that can be resolved immediately.
Security and Dependability Aspects
Published in Ivan Cibrario Bertolotti, Tingting Hu, Embedded Software Development, 2017
Ivan Cibrario Bertolotti, Tingting Hu
Informally speaking, static code analysis is able to infer some properties of a program by working exclusively at the source code level—possibly with some additional hints from the programmer, given in the form of source code annotations.
Review of battery powered embedded systems design for mission-critical low-power applications
Published in International Journal of Electronics, 2018
Matthew Malewski, David M. J. Cowell, Steven Freear
Static code analysis is a method of software debugging by analysing code without execution. Static code analysis can be performed on either source-code or compiled code (Louridas, 2006). This test method is limited in the amount of defects that can be detected. Studies have shown that this method can only capture 45% of test detectable defects (Lauesen & Younessy, 1998).