The present invention relates to analysis of computer-based software applications.
Static analysis of a computer-based software application refers to an analysis of the application that is performed without executing the application. Static analysis is typically performed on the instruction code of an application to identify issues within the instruction code, such as logic errors and security vulnerabilities. One common type of static analysis, known as taint analysis, is used to identify application variables that are “tainted” in that they refer to data that come from or are influenced by an external and/or untrusted source (e.g., a malicious user), thereby making the application potentially vulnerable to attack. Another type of static analysis, known as string analysis, is used to identify string values that may arise during the execution of an application. String analysis may be used in conjunction with other types of static analysis, such as with taint analysis to test countermeasures that an application uses to protect itself against malicious attacks through tainted variables.