Static Testing Tools


Static testing is a form of software testing performed in a static environment, i.e. the software product is verified for flaws without executing the main code. To make this task quicker across different programming languages, we give you a list of some of the most commonly used static testing tools, with a brief description of each tool's specialities, pros and cons.

1. RIPS
Specialities: This tool is useful for PHP-based platforms; it detects sinks and guards against SQL injection and cross-site scripting.

Pros:

  • The tool delivers quick results.

Cons:

  • The tool is obsolete and has not received an upgrade.

2. YASCA (Yet Another Source Code Analyser)
Specialities: This is a useful tool for checking C++- and Java-based products for security bugs.

Pros:

  • Fairly wide coverage.
  • Can be easily integrated with other static testing tools.

Cons:

  • Does not cover every critical issue in a product.

3. YASCA (Yet Another Source Code Analyser)
Specialities: This tool helps detect errors or flaws in Java applications.

Pros:

  • The software product's logic is tested without needing to compile the code.

Cons:

  • It is useful only for a limited range of platforms, such as the Eclipse IDE.

4. Visual Code Grepper
Specialities: This code security tool works well with products based on PHP, C++, Java and Visual Basic; it scans the code quickly and describes the issues it finds in detail.

Pros:

  • Reports how vulnerable the product's security levels are.
  • Helps check for violations of Open Web Application Security Project (OWASP) recommendations.

Cons:

  • Does not support complete automation.

5. DevBug
Specialities: Another tool for PHP platforms; this tool was originally written in JavaScript.

Pros:

  • Simple to use.
  • Delivers fast results.

Cons:

  • Not suitable for heavy-duty or complex software applications.

6. Flawfinder
Specialities: Flawfinder is a useful tool for sorting out security issues in C-language applications by risk level. It is written in Python and uses a command-line interface.

Pros:

  • The tool is CWE-compatible.
  • Accurate results.
  • Has a feature for checking code-centric changes.

Cons:

  • Requires Python 1.5.

7. Brakeman
Specialities: This tool detects security vulnerabilities on the Ruby on Rails (RoR) platform at any stage of product development.

Pros:

  • Easy to set up.
  • Fast results.
  • The checks used for code analysis can be customised to target specific areas.

Cons:

  • The tool can raise false positives, flagging faults that are not genuine.

8. Cppcheck
Specialities: Another tool for the C/C++ platform; it is used to check for non-standard code that a compiler fails to detect.

Pros:

  • The tool can be easily integrated with IDEs such as Eclipse and Visual Studio.
  • Available in many languages besides English, such as Dutch, German and Russian.

Cons:

  • Not easy to customise.
  • Takes too long to deliver results.