This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Static Code Analysis
From OWASP
Revision as of 14:05, 5 January 2012 by Ryan Dewhurst (talk | contribs)
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Every Control should follow this template.
This is a control. To view all control, please see the Control Category page.
Last revision (mm/dd/yy): 01/5/2012
Description
Static Code Analysis is usually performed as part of a Code Review and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within source code by using techniques such as Flow Control and/or Pattern Matching.
Examples
RIPS PHP Static Code Analysis Tool
OWASP LAPSE+ Static Code Analysis Tool
Tools
Open Source/Free
- OWASP LAPSE (Java)
- PMD (Java)
- FlawFinder (C/C++)
- Microsoft FxCop (.NET)
- Splint (C)
- FindBugs (Java)
- RIPS (PHP)
- Agnitio (Objective-C, C#, Java & Android)
