Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions
21 February 2022
Parfait is a static analysis tool originally developed to find defects in C/C++ systems code. It has since been extended to detect injection attacks in Java and PL/SQL applications. Parfait has been deployed internally at Oracle, is used by thousands of developers, and can be integrated at commit time, run in the nightly build, or used standalone. Commit-time integration brings security closer to developers and gives them the opportunity to fix defects before they are merged. This poster presents some of the challenges we encountered in extending Parfait from a defect analyser for C/C++ to a security analyser for Java and PL/SQL, and the solutions that enabled us to analyse a variety of commercial enterprise applications quickly and precisely.
Venue: Cyber Defence Next Generation Technology 2021