Static Code analysis

What is Static Code analysis 

Static Code analysis(Source code analysis) is usually performed as part of Code review and carried out at the software implementation phase of a Secure Software Development life Cycle (Secure SDLC).Static code analysis falls under white Box testing when considering  different type of the testing approaches.Static code analysis commonly refer to running of Static Code Analysis tool and attempt to find out possible vulnerabilities.

Note: program(Source Code) isn’t  run in Static code analysis and if run and test the analysis falls under Dynamic Analysis

Secure software Development Life cycle 

Secure SDLC

Static code analysis lab with Find Sec bug

Eclipse is to be used to static analysis with find sec bug


1. Installation of FindBugs plugin


2. Configuration

The recommended configuration to use with Find Security Bugs is to limit the scan to Security only bug detectors. Go to Eclipse -> Preferences (Mac) or Window -> Preferences (Windows). Then go to Java -> FindBugs, and make only “Security” is checked on the “Reporting configuration” tab’s “Reported (visible) bug categories” list.

findsec bug

3.Find out Vulnerability




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s