Introduction
Static code analysis is carried out during the implementation phase of SDLC. This is the part of white-box testing that identifies security vulnerability in the static source code. In this activity, you will research static source code analysis using the major OWASP vulnerabilities.
Instructions
Begin by reading the following:
Jinfeng, L. Vulnerabilities Mapping based on OWASP-SANS: a Survey for Static Application Security Testing (SAST) [PDF, 1.3 MB]. Annals of Emerging Technologies in Computing (AETiC), Print ISSN: 2516-0281, Online ISSN: 2516-029X, pp. 1-8, Vol. 4, No. 3, 1st July 2020, Database: arXiv
“ISACA’s New Cybersecurity Resources Include Hands-on Training to Mitigate OWASP Top 10 Vulnerabilities.” [PDF, 6 KB] Information Technology Newsweekly, 30 July 2019, p. 180. Gale OneFile: Computer Science, https://link-gale-com.ezproxy.umgc.edu/apps/doc/A594753758/CDB?u=umd_umuc&sid=CDB&xid=4666c543. Accessed 20 May 2020. https://link-gale-com.ezproxy.umgc.edu/apps/doc/A594753758/CDB?u=umd_umuc&sid=CDB&xid=4666c543. Accessed 20 May 2020.
OWASP: Static Code Analysis https://owasp.org/www-community/controls/Static_Code_Analysis
OWASP: Source Code Analysis Tools https://owasp.org/www-community/Source_Code_Analysis_Tools
Next, address the following in a 2-3 page short paper:
Describe four of the OWASP top 10 vulnerabilities as outlined below. Be sure to include:
Description of the identified vulnerability.
What are some of the reasons causing the noted vulnerability?
What are some methods to remove the vulnerability?
Which attacks can be easily carried out based on the vulnerability identified?
How does knowing the vulnerabilities help with coding standards?
The Top 10 OWASP vulnerabilities in 2020 are:
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access control
Security misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with known vulnerabilities
Insufficient logging and monitoring
