[WEB SECURITY] Static Source Code analysis Methodology

David Rajchenbach-Teller David.Teller at mlstate.com
Mon May 9 14:18:51 EDT 2011

That's a very wide question. There is a whole branch of Computer Science devoted to answering it.

Something like:
- parse the source code;
- resolve bound names;
- probably generate the Control Flow Graph (depending on the language, this may require a model of the library, e.g. for exceptions, threads, call/cc or higher-order functions);
- and then, walk the AST and/or CFG, building information along the way.

I hope this helps,

  David Rajchenbach-Teller
  CSO, MLstate

On May 7, 2011, at 8:09 PM, Parmendra Sharma wrote:

> Hi All,
> In one of my upcoming assignment, i need to perform Static Source Code analysis (SSCA) and prior to this i need to explain about the 'Standard Methodology' which will be followed for performing SSCA.
> I need to know which standard methodology is generally followed for SSCA process.
> -- 
> Thanks and Regards:
> Pam
> Parmendra Sharma
> Application Security Consultant
> email: s.parmendra at gmail.com
> _______________________________________________
> The Web Security Mailing List
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> http://twitter.com/wascupdates
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110509/1607d065/attachment-0003.html>

More information about the websecurity mailing list