#taint_analysis

Habr<p>Finding potential vulnerabilities in code, part 2: practice</p><p>Last time we covered the general approaches to finding security vulnerabilities in applications. This time we come down closer to earth and look at how we implemented these mechanisms in our static analyzer for Java.</p><p><a href="https://habr.com/ru/companies/pvs-studio/articles/885576/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/pvs-stud</span><span class="invisible">io/articles/885576/</span></a></p><p><a href="https://zhub.link/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sast</span></a> <a href="https://zhub.link/tags/taint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taint</span></a> <a href="https://zhub.link/tags/taint_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taint_analysis</span></a> <a href="https://zhub.link/tags/cfg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cfg</span></a> <a href="https://zhub.link/tags/defuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defuse</span></a> <a href="https://zhub.link/tags/call_graph" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>call_graph</span></a> <a href="https://zhub.link/tags/inheritance_graph" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>inheritance_graph</span></a> <a href="https://zhub.link/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://zhub.link/tags/dataflow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataflow</span></a> <a href="https://zhub.link/tags/static_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>static_analysis</span></a></p>
Habr<p>Java, Taint and SAST: what they are and why, and what GOST 71207 has to do with it</p><p>A huge amount of server-side code is written in Java. It follows that web applications written in it must be resistant to particular vulnerabilities. This short article is about one of the ways to combat them: SAST. It is also about what taint analysis is and how it takes part in all this.</p><p><a href="https://habr.com/ru/companies/pvs-studio/articles/876890/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/pvs-stud</span><span class="invisible">io/articles/876890/</span></a></p><p><a href="https://zhub.link/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>java</span></a> <a href="https://zhub.link/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sast</span></a> <a href="https://zhub.link/tags/%D1%81%D1%82%D0%B0%D1%82%D0%B8%D1%81%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9_%D0%B0%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>статистический_анализ</span></a> <a href="https://zhub.link/tags/%D1%81%D1%82%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9_%D0%B0%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7_%D0%BA%D0%BE%D0%B4%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>статический_анализ_кода</span></a> <a href="https://zhub.link/tags/pvsstudio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pvsstudio</span></a> <a href="https://zhub.link/tags/taint_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taint_analysis</span></a> <a href="https://zhub.link/tags/%D0%B3%D0%BE%D1%81%D1%82" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>гост</span></a> <a 
href="https://zhub.link/tags/%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>информационная_безопасность</span></a> <a href="https://zhub.link/tags/%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>уязвимости</span></a> <a href="https://zhub.link/tags/%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B8_%D0%B8_%D0%B8%D1%85_%D1%8D%D0%BA%D1%81%D0%BF%D0%BB%D1%83%D0%B0%D1%82%D0%B0%D1%86%D0%B8%D1%8F" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>уязвимости_и_их_эксплуатация</span></a></p>
Habr<p>Finding potential vulnerabilities in code, part 1: theory</p><p>The risks of security vulnerabilities are well known to everyone: disruption of the application, loss of data or of its confidentiality. In this article we use illustrative examples to look at the fundamentals of an approach that lets vulnerabilities be found as early as the development stage.</p><p><a href="https://habr.com/ru/companies/pvs-studio/articles/866896/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/pvs-stud</span><span class="invisible">io/articles/866896/</span></a></p><p><a href="https://zhub.link/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sast</span></a> <a href="https://zhub.link/tags/taint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taint</span></a> <a href="https://zhub.link/tags/taint_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>taint_analysis</span></a> <a href="https://zhub.link/tags/cfg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cfg</span></a> <a href="https://zhub.link/tags/defuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defuse</span></a> <a href="https://zhub.link/tags/ssa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssa</span></a> <a href="https://zhub.link/tags/call_graph" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>call_graph</span></a> <a href="https://zhub.link/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://zhub.link/tags/dataflow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataflow</span></a> <a href="https://zhub.link/tags/static_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>static_analysis</span></a></p>