[WEB SECURITY] Static Source Code analysis Methodology
David.Teller at mlstate.com
Mon May 9 14:18:51 EDT 2011
That's a very wide question. There is a whole branch of Computer Science devoted to answering it.
- parse the source code;
- resolve bound names;
- probably generate the Control Flow Graph (depending on the language, this may require a model of the library, e.g. for exceptions, threads, call/cc or higher-order functions);
- and then, walk the AST and/or CFG, building information along the way.
I hope this helps,
On May 7, 2011, at 8:09 PM, Parmendra Sharma wrote:
> Hi All,
> In one of my upcoming assignments, I need to perform Static Source Code analysis (SSCA), and prior to this I need to explain the 'Standard Methodology' which will be followed for performing SSCA.
> I need to know which standard methodology is generally followed for SSCA process.
> Thanks and Regards:
> Parmendra Sharma
> Application Security Consultant
> email: s.parmendra at gmail.com
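As an added illustration of the four steps listed in the reply above (this is not code from the thread or from either poster), the following Python script runs a miniature version of that pipeline on Python source using only the standard library: it parses the code into an AST, resolves dotted names syntactically, builds a statement-level control flow graph with if/else fan-out and fan-in, and then walks the CFG with a forward may-taint dataflow to report calls where data from an untrusted source reaches a dangerous sink unsanitised. The sample program, the `request.args.get` source, the `os.system`/`subprocess.call`/`cursor.execute` sinks and the `int`/`shlex.quote` sanitizers are constructed assumptions for the example; a real tool would model its framework and library, handle loops, aliasing and calls between functions, and resolve imports rather than matching names textually.

```python
"""Toy static source code analysis: parse -> resolve names -> CFG -> dataflow walk."""
import ast
from collections import defaultdict

# Constructed sample program (not from the thread): three request handlers, two of which
# pass untrusted input to a command sink, one of them only on one side of an if/else.
SAMPLE = '''
import os, shlex, subprocess

def handler(request):
    name = request.args.get("name")
    cmd = "ls " + name
    os.system(cmd)

def safe(request):
    count = int(request.args.get("n"))
    return count * 2

def branchy(request):
    q = request.args.get("q")
    if request.args.get("raw"):
        value = q
    else:
        value = shlex.quote(q)
    subprocess.call("grep " + value)
'''

# Hypothetical source/sink/sanitizer tables; a real tool models its framework and library.
TAINT_SOURCES = {"request.args.get"}
SINKS = {"os.system", "subprocess.call", "cursor.execute"}
SANITIZERS = {"int", "shlex.quote"}


def dotted_name(node):
    """Step 2 (simplified): resolve a Name/Attribute chain to 'a.b.c' purely syntactically."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def build_cfg(body):
    """Step 3: statement-level CFG with sequential edges and If fan-out/fan-in (no loops)."""
    nodes, succ = [], defaultdict(list)

    def walk(stmts, entries):
        for stmt in stmts:
            nodes.append(stmt)
            for pred in entries:
                succ[pred].append(stmt)
            if isinstance(stmt, ast.If):
                # both branches start after the test; their exits join at the next statement
                entries = walk(stmt.body, [stmt]) + walk(stmt.orelse, [stmt])
            else:
                entries = [stmt]
        return entries

    walk(body, [])
    return nodes, succ


def is_tainted(expr, tainted):
    """Does this expression depend on a tainted local or a source call, with no sanitizer?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        fn = dotted_name(expr.func)
        if fn in TAINT_SOURCES:
            return True
        if fn in SANITIZERS:
            return False  # sanitizer output is treated as clean
        return is_tainted(expr.func, tainted) or any(is_tainted(a, tainted) for a in expr.args)
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def analyze(func):
    """Step 4: forward may-taint dataflow over the CFG; report tainted sink arguments."""
    nodes, succ = build_cfg(func.body)
    state = {n: set() for n in nodes}  # tainted locals on entry to each statement
    work, findings = list(nodes[:1]), set()
    while work:
        n = work.pop()
        out = set(state[n])
        if isinstance(n, ast.Assign):  # transfer function: assignment kills or gens taint
            taints = is_tainted(n.value, state[n])
            for tgt in n.targets:
                if isinstance(tgt, ast.Name):
                    (out.add if taints else out.discard)(tgt.id)
        exprs = ast.walk(n.test) if isinstance(n, ast.If) else ast.walk(n)
        for call in exprs:
            if isinstance(call, ast.Call) and dotted_name(call.func) in SINKS:
                if any(is_tainted(a, state[n]) for a in call.args):
                    findings.add((func.name, call.lineno, dotted_name(call.func)))
        for s in succ[n]:  # propagate the union of predecessor states until a fixpoint
            if not out <= state[s]:
                state[s] |= out
                work.append(s)
    return sorted(findings)


def scan(source):
    """Step 1 (parse) followed by the analysis of every top-level function."""
    tree = ast.parse(source)
    findings = []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            findings.extend(analyze(node))
    return sorted(findings)


if __name__ == "__main__":
    for func, line, sink in scan(SAMPLE):
        print(f"{func}: line {line}: tainted argument reaches {sink}")
```

Run as a script it reports `handler` line 7 and `branchy` line 19 and stays silent on `safe`; the `branchy` result shows why the analysis is a may-analysis: taint from the `if` branch survives the join even though the `else` branch sanitises, which is the conservative answer a reviewer wants before deciding whether the `raw` path is reachable.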