Taint 2.0

From OWASP

Taint 2.0 - Commercial static analysis tools for detecting security flaws in software use a technique called Taint Analysis. However, traditional taint analysis has limitations that prevent it from accurately detecting vulnerabilities in today's complex applications. We explore the challenges of current taint analysis approaches and explain how an exciting new technology called String Analysis answers these challenges. We show how String Analysis produces more accurate results while eliminating the need for users to configure sanitizers.