Useful Links
Computer Science
Cybersecurity
Static Code Analysis
1. Foundations of Static Code Analysis
2. The Mechanics of Static Analysis Tools
3. Types of Static Analysis
4. Common Findings and Detected Issues
5. Integration into the Development Process
6. Tooling and Practical Considerations
7. Challenges and Limitations
8. Advanced and Emerging Topics
Common Findings and Detected Issues
Security Vulnerabilities (SAST)
Injection Flaws
SQL Injection (SQLi)
Union-Based Attacks
Blind SQL Injection
Time-Based Attacks
Cross-Site Scripting (XSS)
Reflected XSS
Stored XSS
DOM-Based XSS
Command Injection
OS Command Injection
Code Injection
LDAP Injection
NoSQL Injection
Header Injection
Broken Authentication and Session Management
Weak Password Handling
Password Storage Issues
Password Policy Violations
Session Fixation
Session Hijacking Vulnerabilities
Insufficient Session Expiration
Weak Session Token Generation
Sensitive Data Exposure
Hardcoded Secrets
Passwords
API Keys
Database Credentials
Encryption Keys
Weak Cryptographic Algorithms
Deprecated Hash Functions
Insecure Encryption Modes
Weak Key Generation
Information Disclosure
Debug Information Leakage
Error Message Exposure
XML External Entities (XXE)
External Entity Processing
XML Parser Configuration Issues
Billion Laughs Attack
Broken Access Control
Privilege Escalation
Vertical Privilege Escalation
Horizontal Privilege Escalation
Insecure Direct Object References
Missing Function Level Access Control
Forced Browsing Vulnerabilities
Security Misconfiguration
Default Credentials
Insecure Permissions
Unnecessary Services Enabled
Missing Security Headers
Insecure Deserialization
Object Injection Attacks
Remote Code Execution
Data Tampering
Memory Management Errors
Buffer Overflows and Overruns
Stack-Based Overflows
Heap-Based Overflows
Integer Overflows
Arithmetic Overflow
Integer Wraparound
Use-After-Free
Double-Free Errors
Memory Leaks
Heap Memory Leaks
Resource Handle Leaks
Code Quality and Reliability Defects
Null Pointer Dereferences
Null Check Violations
Optional Type Misuse
Uninitialized Variables
Local Variable Initialization
Field Initialization Issues
Resource Leaks
Files
File Handle Leaks
Stream Closure Issues
Sockets
Network Connection Leaks
Socket Closure Problems
Database Connections
Connection Pool Exhaustion
Transaction Management Issues
Memory Resources
Unreachable Code (Dead Code)
Conditional Dead Code
Exception Handler Dead Code
Method-Level Dead Code
Concurrency Issues
Race Conditions
Data Race Detection
Time-of-Check-Time-of-Use
Deadlocks
Circular Wait Conditions
Lock Ordering Issues
Improper Synchronization
Missing Synchronization
Over-Synchronization
Atomic Operation Violations
Logic Errors
Off-by-One Errors
Array Boundary Errors
Loop Condition Errors
Incorrect Conditionals
Boolean Logic Errors
Comparison Operator Misuse
Algorithm Implementation Errors
Coding Standard and Style Violations
Adherence to Naming Conventions
Variable Naming Standards
Function Naming Conventions
Class and Interface Naming
Code Formatting and Layout
Indentation Standards
Line Length Limits
Whitespace Usage
Code Complexity Metrics
Cyclomatic Complexity
Decision Point Counting
Complexity Thresholds
Cognitive Complexity
Mental Model Complexity
Nested Structure Analysis
Halstead Complexity Measures
Use of Deprecated Functions or APIs
Legacy API Usage
Version Compatibility Issues
Migration Path Identification
Commenting and Documentation Standards
Code Documentation Requirements
API Documentation Standards
Inline Comment Guidelines
Previous
3. Types of Static Analysis
Go to top
Next
5. Integration into the Development Process