What is Static Code Analysis?

What is Static Code Analysis? | AppSec 101

Рет қаралды 15,037

Fortify Unplugged

Күн бұрын

Пікірлер: 12

@domaincontroller 3 жыл бұрын

00:59 my background 03:17 Static analysis 04:50 weaknesses, vulnerabilities 08:34 SAST, DAST

@FortifyUnplugged 2 жыл бұрын

Sorry for the late reply, but thanks for your helpful comment.

@brentjenkins6235 4 жыл бұрын

Awesome video with great explanations. Look forward to the upcoming series!

@FortifyUnplugged 4 жыл бұрын

Thanks! We're trying to add some AppSec intro material to go along with our more technical content.

@SamiEltamawy 3 жыл бұрын

Great video guys! Very informative and comprehensive explanation and comparison.

@FortifyUnplugged 3 жыл бұрын

We appreciate the feedback and glad you found it informative!

@roboedar 2 жыл бұрын

Very great explanation. Thank you.

@FortifyUnplugged 2 жыл бұрын

Glad it was helpful!

@rabella183 4 жыл бұрын

Excellent video. Will you be having Hans Enders to provide an overview of WebInspect?

@FortifyUnplugged 4 жыл бұрын

He doesn't know it yet, but that's a great idea.

@amjad.6244 3 жыл бұрын

Thank You Sir for this video. Can you show me difference between Compiler and Static Code Analysis?

@FortifyUnplugged 3 жыл бұрын

Compilers and Static Code Analyzers have a lot in common. In fact, Fortify SCA internally leverages open source compilers in the first stage of the analysis for several languages (e.g. Java, Kotlin). The key difference is what happens after the initial parsing and resolution stages. Compilers would then proceed to output binary or byte-code, where Static Code Analyzers will run multiple analysis algorithms on the data to find security vulnerabilities. Compilers may be doing some quality checking as part of their process (e.g. warning for unused variables or similar bad-practices), but they don't do the type of security analysis that static analysis tools do.