Is Static Analysis Able to Identify Unnecessary Source Code?

The article investigates automation methods and means of integration of static source security analysis technology. The process of software security analysis, which is implemented by the technology of static analysis of the source code, is studied, and the methods of solving the problem of automation and integration of the technology into the source code development environment are offered. The perspective direction of further development of the technology of static analysis of the source code is established.

Download Full-text

Evaluation of SQL Injection Vulnerability Detection Tools

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.a2648.109119 ◽

2019 ◽

Vol 9 (1) ◽

pp. 1747-1751

Keyword(s):

Static Analysis ◽

Web Applications ◽

Source Code ◽

False Negative ◽

Vulnerability Detection ◽

Sql Injection ◽

User Input ◽

Root Cause ◽

Analysis Tools ◽

Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

Download Full-text

Students Projects’ Source Code Changes Impact on Software Quality Through Static Analysis

10.1007/978-3-030-85347-1_39 ◽

2021 ◽

pp. 553-564

Author(s):

Sivana Hamer ◽

Christian Quesada-López ◽

Marcelo Jenkins

Keyword(s):

Static Analysis ◽

Software Quality ◽

Source Code ◽

Code Changes ◽

Source Code Changes

Download Full-text

A Framework and a Language for Usability Automatic Evaluation of Web Sites by Static Analysis of HTML Source Code

Computer-Aided Design of User Interfaces III ◽

10.1007/978-94-010-0421-3_29 ◽

2002 ◽

pp. 337-348 ◽

Cited By ~ 6

Author(s):

Abdo Beirekdar ◽

Jean Vanderdonckt ◽

Monique Noirhomme-Fraiture

Keyword(s):

Static Analysis ◽

Web Sites ◽

Source Code ◽

Automatic Evaluation

Download Full-text

User-Perceived Source Code Quality Estimation Based on Static Analysis Metrics

2016 IEEE International Conference on Software Quality, Reliability and Security (QRS) ◽

10.1109/qrs.2016.22 ◽

2016 ◽

Cited By ~ 7

Author(s):

Michail Papamichail ◽

Themistoklis Diamantopoulos ◽

Andreas Symeonidis

Keyword(s):

Static Analysis ◽

Source Code ◽

Quality Estimation ◽

Code Quality

Download Full-text

CODE-CHANGE IMPACT ANALYSIS USING COUNTERFACTUALS: THEORY AND IMPLEMENTATION

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194013500460 ◽

2013 ◽

Vol 23 (10) ◽

pp. 1459-1486

Author(s):

MANUEL PERALTA ◽

SUPRATIK MUKHOPADHYAY

Keyword(s):

Static Analysis ◽

Theorem Proving ◽

Program Analysis ◽

Impact Analysis ◽

Source Code ◽

Analysis Framework ◽

Change Impact Analysis ◽

Code Change ◽

Change Impact ◽

Automated Tool

This article shows a novel program analysis framework based on Lewis' theory of counterfactuals. Using this framework we are capable of performing change-impact static analysis on a program's source code. In other words, we are able to prove the properties induced by changes to a given program before applying these changes. Our contribution is two-fold; we show how to use Lewis' logic of counterfactuals to prove that proposed changes to a program preserve its correctness. We report the development of an automated tool based on resolution and theorem proving for performing code change-impact analysis.

Download Full-text

Static analysis of software source code based on the Fortify Static Code Analyzer solution

Modern information security ◽

10.31673/2409-7292.2021.020910 ◽

2021 ◽

Vol 46 (2) ◽

Author(s):

N. V. Goryuk ◽

◽

I. M. Lavrovsky

Keyword(s):

Life Cycle ◽

Software Development ◽

Static Analysis ◽

Source Code ◽

Security Analysis ◽

Software Life Cycle ◽

Static Source

The article analyzes the problem of identifying source code vulnerabilities in the context of software development. An analysis of existing technologies for detecting vulnerabilities in the source code. Methods and means of protection of detection of source code vulnerabilities on the basis of the Fortify Static Code Analyzer solution are investigated. The purpose, main functions and architecture of the Fortify Static Code Analyzer solution are defined. Based on the research conducted in the work, a variant of the process of static analysis of the security of the source code in the context of the software life cycle was developed. Recommendations for the use of static source security analysis technology have been developed.

Download Full-text