Difference between revisions of "Static Code Analysis"

From OWASP
Jump to: navigation, search
Line 11: Line 11:
 
==Description==
 
==Description==
  
Static Code Analysis is usually performed as part of a Code Review and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within source code by using techniques such as Flow Control and/or Pattern Matching.
+
Static Code Analysis is usually performed as part of a Code Review and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within source code by using techniques such as Flow Control and/or Pattern Matching on 'static' (non-running) source code.
  
 
==Examples==
 
==Examples==

Revision as of 09:19, 5 January 2012

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


Every Control should follow this template.


This is a control. To view all control, please see the Control Category page.

Last revision (mm/dd/yy): 01/5/2012

Description

Static Code Analysis is usually performed as part of a Code Review and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within source code by using techniques such as Flow Control and/or Pattern Matching on 'static' (non-running) source code.

Examples

RIPS PHP Static Code Analysis Tool

Rips.jpg

OWASP LAPSE+ Static Code Analysis Tool

LapsePlusScreenshot.png

Tools

Open Source/Free

Commercial

References

Further Reading