Unlike dynamic source code analysis that evaluates the source code behaviour during code execution, which is done quite late in the software development life cycle, Static Code Analysis leads to detection of security vulnerabilities in a source code in early stages of software development process, when the software is still in production phase because it does not require code to be in execution state. Automated static Code Analysis tools audits the entire source code for its quality and identify any potential security vulnerability, if present.
This paper focuses on using automated source code scanning tools for vulnerabilities detection in a software. Static code analysis can be done either manually or through automated tools. In this study, vulnerability detection was done through Static code analysis process. The vulnerability detection can be done either at the production phase, this means when the software is still being developed by statically auditing the source code, or dynamically at run time. Detecting vulnerabilities in early phases of software development cycle, makes the process of fixing those vulnerabilities much easier for software developers. To ensure software security, one of the major task is to identify vulnerabilities present in the source code before the software is being deployed. It is necessary for an organisation to maintain software security in order to ensure integrity, authenticity and availability of the software product. Software security has become an essential component of software development process.
0 kommentar(er)
