Static Analysis Tools


December 2004


Reasons to Use Static Analysis Tools:

Testing with static analysis tools can drastically reduce the number of bugs that are hard to find by black box testing, such as buffer overruns, encoding errors and use of dangerous functions. A quick scan with a static analyzer may surface many bugs that are difficult to find by other means.

Though not often considered, one of the first things an attacker will try to discover and steal is source code. With the source in hand, an attacker can hunt for new vulnerabilities at the source level, which is much faster and easier than finding them from the outside by black box methods. Attackers use static analysis tools to quickly locate security problems in an application. Even if the application's own source code is not compromised, an attacker can still run the tools over other available source code (for instance, libraries or open-source components the application is built on) to find common vulnerabilities that might also exist in the target application. By scanning your code with a static analysis tool and fixing the important bugs it reports, you close off an avenue of attack.

It has been shown that the sooner a bug is discovered and fixed, the less it costs. A security vulnerability discovered late can cost a company millions of dollars; the same vulnerability found during development would be very inexpensive to fix. Most static analysis tools point directly to the problematic line of code, so the developer does not have to track the problem down from a high-level bug report.
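The dangerous-function checking mentioned two paragraphs above and the file:line reporting described in the preceding paragraph, as an added example that is not code from the original article or from Security Innovation: a toy lexical static checker in Python, in the spirit of early dangerous-function scanners. The rule table (DANGEROUS_CALLS) and the sample C file (SAMPLE_SOURCE) are constructed for illustration. Comments and string literals are blanked out before matching so that a mention of strcpy in a comment is not reported as a call, while the line numbering of the original file is preserved.

```python
"""Toy lexical static analyzer: blanks out comments and string literals,
then flags calls to known-unsafe C library functions and reports
file:line plus a safer alternative.  Added example; the rule table and
the sample C source below are constructed for illustration."""
import re
from typing import List, NamedTuple

# Hypothetical rule table: function name -> (why it is dangerous, safer choice).
DANGEROUS_CALLS = {
    "gets":    ("reads unbounded input into a fixed buffer", "fgets"),
    "strcpy":  ("copies with no length bound", "strncpy/strlcpy with an explicit size"),
    "strcat":  ("appends with no length bound", "strncat/strlcat with an explicit size"),
    "sprintf": ("formats with no length bound", "snprintf"),
    "system":  ("hands a command string to the shell", "execve with an argument vector"),
}


class Finding(NamedTuple):
    file: str
    line: int      # 1-based line number the developer should open
    func: str
    reason: str
    fix: str


# A call: word boundary, one of the listed names, optional space, '('.
_CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, DANGEROUS_CALLS)) + r")\s*\(")

# Block comments, line comments, string literals and char literals, tried in
# that order so a '"' or '//' inside a comment is consumed with the comment.
_NOISE_RE = re.compile(
    r"/\*.*?\*/"             # block comment
    r"|//[^\n]*"             # line comment
    r'|"(?:\\.|[^"\\\n])*"'  # string literal
    r"|'(?:\\.|[^'\\\n])*'", # char literal
    re.DOTALL,
)


def _blank_noise(src: str) -> str:
    """Replace comments and literals with spaces, keeping every newline so
    line numbers in the cleaned text still match the original file."""
    return _NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)


def scan(src: str, filename: str = "<memory>") -> List[Finding]:
    """Return one Finding per dangerous call, in file order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(_blank_noise(src).splitlines(), start=1):
        for m in _CALL_RE.finditer(line):
            func = m.group(1)
            reason, fix = DANGEROUS_CALLS[func]
            findings.append(Finding(filename, lineno, func, reason, fix))
    return findings


def format_report(findings: List[Finding]) -> List[str]:
    """Render findings as 'file:line: message', the shape most editors and
    build systems can jump to directly."""
    return [f"{f.file}:{f.line}: {f.func}() {f.reason}; prefer {f.fix}"
            for f in findings]


# Constructed sample input: two real problems (lines 7 and 13), one mention
# of strcpy inside a comment and one of gets inside a string literal
# (neither is a call), and one correctly bounded call (line 20).
SAMPLE_SOURCE = r"""#include <stdio.h>
#include <string.h>

/* The helper below used to call strcpy(); this comment must not be flagged. */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);                        /* unbounded copy: flagged */
    printf("Hello, %s\n", buf);
}

int read_line(void) {
    char line[64];
    gets(line);                               /* unbounded read: flagged */
    puts("never call gets(); use fgets instead");  /* literal, not a call */
    return 0;
}

void safe_greet(const char *name) {
    char buf[32];
    snprintf(buf, sizeof buf, "%s", name);    /* bounded: not flagged */
}
"""

if __name__ == "__main__":
    for report_line in format_report(scan(SAMPLE_SOURCE, "greet.c")):
        print(report_line)
```

Running the block reports exactly greet.c:7 (strcpy) and greet.c:13 (gets); the comment on line 4, the string literal on line 14 and the bounded snprintf on line 20 are not reported. The checker is purely lexical: it does not know whether the destination buffer is actually large enough, and a function prototype such as `char *strcpy(char *, const char *)` in a header would be flagged as a call, which is the kind of false positive that real tools suppress with parsing and data-flow analysis.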


Provided by: Security Innovation, The Application Security Company