Automated source code analysis

Automated source code analysis is a technology for finding and describing weaknesses in source code. These weaknesses can be vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, and many other types of problem-causing code.

The name commonly given to this area of research is static code analysis. It is distinguished from traditional dynamic analysis techniques such as penetration testing by the fact that the work is done at build time, using only the source code of the program or module. The results are generated from a complete view of all execution paths, rather than from only one aspect of observed runtime behavior.

Perhaps the most obvious question facing any new developer technology is: why?

Why should developers use a new tool when they already have so many to choose from?

What makes this technology compelling enough for me to add it to my tool chain, which is already too big?

And what does it do, anyway?

The study answers these questions and much more. But for the moment, consider only the fact that, at the time of writing, 80% of the Fortune 500 companies have already deployed, or are currently deploying, some kind of automated source code analysis. The reasons for this can be stated in as many ways as there are people answering the question, but one basic principle can be found in all of them:

Tell me what's wrong with my code before I ship it. Don't let me be the guy responsible for shipping a killer vulnerability or bug into the wild.

There are other compelling reasons, such as:

Make my code review more efficient through automation

Improve my quality assurance with 100% coverage of all boundary conditions

Help me and my brand as we go to market with new products

The bottom line, however, is the capacity of this technology to give developers the opportunity to scrub their code clean of obvious and not-so-obvious weaknesses as they work, before they submit the code for check-in and formal downstream validation.

Introduction to Technology:

The process of automated source code analysis involves building a rich representation, or model, of the code (as a compiler does), then simulating all execution paths through that model, mapping the flow of logic on those paths together with how and where data objects are created, used and destroyed.

Once the projection of the code paths and the mapping of the data objects are available, we look for anomalous conditions that will or could lead to vulnerabilities or to corruption of data during execution.

There are two major families of checks typical of this type of analysis: abstract syntax tree (AST) validation and code path analysis. The former is usually applied to validating the basic syntax and structure of the code; the latter is used for other types of analysis that depend on understanding the state of a program's data objects at any point on a code execution path.
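The two families side by side, as an added example that is not part of the original page: a structural AST rule and a small path simulation that tracks one kind of data object (a file handle) as it is created, used and destroyed. The sample input, the function names and the rule names are assumptions made for the illustration, and only if/else branching is modelled.

```python
import ast
# Constructed sample input (not from the original page).
SAMPLE = """\
def handler(path, verbose):
    f = open(path)
    if verbose:
        f.close()
    return f.read()
"""

def is_call(node, name):
    return isinstance(node, ast.Call) and getattr(node.func, "id", None) == name

def ast_check(tree):
    """AST validation: a structural rule, open() outside a with-statement."""
    managed = {id(i.context_expr) for w in ast.walk(tree)
               if isinstance(w, ast.With) for i in w.items}
    return sorted(n.lineno for n in ast.walk(tree)
                  if is_call(n, "open") and id(n) not in managed)

def paths(stmts):
    """Enumerate execution paths through if/else (loops are not modelled)."""
    if not stmts:
        yield []
    elif isinstance(stmts[0], ast.If):
        for branch in (stmts[0].body, stmts[0].orelse):
            yield from paths(branch + stmts[1:])
    elif isinstance(stmts[0], ast.Return):
        yield [stmts[0]]
    else:
        yield from ([stmts[0]] + tail for tail in paths(stmts[1:]))

def simulate(path):
    """Walk one path, tracking each file object as created, used, destroyed."""
    state, found = {}, set()  # expr text -> line opened, or None once closed
    for n in (n for stmt in path for n in ast.walk(stmt)):
        if isinstance(n, ast.Assign) and is_call(n.value, "open"):
            state[ast.unparse(n.targets[0])] = n.lineno
        elif isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute):
            var = ast.unparse(n.func.value)
            if var in state and state[var] is None:
                found.add(("use-after-close", var, n.lineno))
            elif var in state and n.func.attr == "close":
                state[var] = None
    return found | {("leak", v, ln) for v, ln in state.items() if ln}

def path_check(tree):  # union of the findings on every path of every function
    fns = [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]
    return sorted(set().union(*(simulate(p) for f in fns for p in paths(f.body))))
```

The AST rule reports only that `open()` on line 2 is unmanaged; the path simulation shows why that matters, reporting a use after close on one branch and a leaked handle on the other.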
