Taint 2.0

Taint 2.0 - Commercial static analysis tools for detecting security flaws in software use a technique called Taint Analysis. However, traditional taint analysis has limitations that prevent it from accurately detecting vulnerabilities in today's complex applications. We explore the challenges of current taint analysis approaches and explain how an exciting new technology called String Analysis answers these challenges. We show how String Analysis produces more accurate results while eliminating the need for users to configure sanitizers.