Taint 2.0

Revision as of 09:48, 12 May 2009 by EoinKeary

Taint 2.0 - Commercial static analysis tools for detecting security flaws in software use a technique called Taint Analysis. However, traditional taint analysis has limitations that prevent it from accurately detecting vulnerabilities in today's complex applications. We explore the challenges of current taint analysis approaches and explain how an exciting new technology called String Analysis addresses these challenges. We show how String Analysis produces more accurate results while eliminating the need for users to configure sanitizers.