Taint 2.0

From OWASP
Revision as of 04:48, 12 May 2009 by EoinKeary


Taint 2.0 - Commercial static analysis tools for detecting security flaws in software use a technique called Taint Analysis. However, traditional taint analysis has limitations that prevent it from accurately detecting vulnerabilities in today's complex applications. We explore the challenges of current taint analysis approaches and explain how an exciting new technology called String Analysis answers these challenges. We show how String Analysis produces more accurate results while eliminating the need for users to configure sanitizers.