Static Code Analysis

Every Control should follow this template.

Last revision (mm/dd/yy): //

Description
Static Code Analysis is usually performed as part of a Code Review (also known as white-box testing) and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within 'static' (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis.

The UK Defense Standard 00-55 requires that Static Code Analysis be used on all 'safety related software in defense equipment'. [0]

Techniques
There are various techniques to analyze static source code for potential vulnerabilities.

Data Flow
TBD

Taint Analysis
TBD

Limitations
TBD

False Positives
TBD

False Negatives
TBD

Tools
Also see Source Code Analysis Tools.

Open Source/Free

 * OWASP LAPSE (Java)
 * PMD (Java)
 * FlawFinder (C/C++)
 * Microsoft FxCop (.NET)
 * Splint (C)
 * FindBugs (Java)
 * RIPS (PHP)
 * Agnitio (Objective-C, C#, Java & Android)

Commercial

 * Fortify
 * Veracode
 * GrammaTech
 * ParaSoft
 * Armorize CodeSecure
 * Checkmarx Cx Suite