Nowadays, it is difficult to develop high-quality software without using static code analysis. Some argue that dynamic code analysis or manual penetration testing is a good substitute for static code analysis, because these testing methods can accurately detect known vulnerabilities without generating false positives. However, this overlooks a problem: in contrast to static code analysis, dynamic testing does not examine all the code. It only simulates attacks against the software while it is running and then removes the risks it finds. Real network attackers tend to be more experimental and creative than testers, and once unknown risks such as 0-day vulnerabilities appear, repairing the software becomes a much greater challenge. A good static code detection tool is therefore an indispensable safeguard for the safe operation of software.

At present, the market is full of long-established vendors of static code analysis tools at home and abroad, and more and more new static code analysis tools are emerging. The reason is that each static analysis tool has an advantage in detecting certain vulnerabilities. So why isn't there a static analysis tool that can thoroughly detect all aspects and effectively eliminate false positives, while still working fast and without consuming a lot of CPU, time, and memory?

The reason lies in the architecture of static analysis techniques. Many vendors of static analysis tools claim that they support all programming languages and analyze the whole product rather than individual components, and that this "holistic approach" avoids missing the interfaces between software products and achieves good detection results. In fact, each programming language has its own general internal representation, and the more heterogeneous the programming languages are, the more heterogeneous the vertices of the tree become, which leads to a decrease in productivity in some aspect of detection.

A new generation of static analysis technology: Wukong Software Source Code Static Detection and Analysis Tool (SAST)

With the support of the Institute of Computing Technology of the Chinese Academy of Sciences, Zhongke Tianqi independently developed the Wukong static code detection tool. It helps enterprises find, identify, and track security vulnerabilities caused by coding standard violations and code defects during the software development stage, gives early warning of technical and logical flaws that appear during coding so they can be repaired, and effectively eliminates a large number of false positives and false negatives. This reduces the risk of unknown vulnerabilities after the software goes into operation and effectively improves the software's security against network attacks.

Advantages of Wukong static detection:

① Internationally leading code slice analysis technology

Wukong uses independently developed, world-leading code slice analysis technology, which directly extracts the key information in a program and effectively shortens detection time.

② Cross-file and cross-function context-sensitive analysis techniques

Wukong adopts cross-file and cross-function context-sensitive analysis technology, which can find the trigger paths of complex vulnerabilities. By constructing control flow graphs, function call graphs, and function summary information, it finds deep defects.

③ Similar code fingerprint technology

Wukong uses similar code fingerprint technology to support the detection of third-party libraries and open source components, which can greatly improve detection efficiency in code clone analysis.

④ Real-time tracking technology for vulnerability information

By tracking and analyzing the latest vulnerabilities (including 0-day vulnerabilities), Wukong constantly optimizes and improves its security vulnerability patterns, so that the detection engine can support detection of the latest security vulnerabilities and minimize the risk of enterprise information leakage.

Software security: the last line of defense for network security

Zhongke Tianqi is a high-tech enterprise strongly promoted by the Institute of Computing Technology of the Chinese Academy of Sciences. It was established on the basis of the institute's internationally leading independent research result, the "Software Code Vulnerability Detection and Repair Platform (Wukong)".

Keywords: static analysis technology, code static testing, software security testing, static analysis, static testing tools

Read the link: www.woocoom.com/b021.html?i…