Revision as of 10:01, 15 October 2020 edit Elinruby (talk \| contribs) Extended confirmed users 106,685 edits →Overview: cbutce Tags: Mobile edit Mobile web edit Advanced mobile edit ← Previous edit		Revision as of 10:05, 15 October 2020 edit undo Elinruby (talk \| contribs) Extended confirmed users 106,685 edits →Overview: Ce Tags: Mobile edit Mobile web edit Advanced mobile edit Next edit →
Line 84: Static analysis tools examine the text of a program syntactically. They look for a fixed set of patterns or rules in the source code. Theoretically, they can also examine a compiled form of the software. This technique relies on [[instrumentation]] of the code to do the mapping between compiled components and source code components to identify issues. Static analysis can be done manually as a [[Code review\|code review]] or [[Software audit review\|auditing]] of the code for different purposes, including security, but it is time-consuming.<ref> {{Cite journal \|last1=Chess\|first1=B. Line 98: }}</ref> The precision of SAST tool is determined by its scope of analysis and the specific techniques used to identify vulnerabilities. Different ~~Level~~levels of analysis ~~are~~include: * [[Subroutine\|function level]] - ~~a sequence~~sequences of instruction. * [[Class (computer programming)\|file or class-level]] - an extensible program-code-template for ~~creating~~object ~~objects~~creation. * [[Application software\|application level]] - a program or group of programs that ~~might have interactions between them~~interact. The scope of analysis determines its accuracy and capacity in detecting vulnerabilities by using a wider contextual information<ref> {{Cite journal

Static application security testing: Difference between revisions