… is a consultant for software quality at CQSE GmbH. He received a PhD in software analysis from the University of Passau.
Posted on 11/10/2017 by Dr. Alexander von Rhein
Our mission at CQSE is to help customers improve the quality of their code. Our tool Teamscale checks source code and reports issues such as logical flaws, copy&paste programming and possible performance bottlenecks. However, there is one aspect of code quality that we have not addressed so far: code security. Code is secure if it cannot be used by an attacker to perform unintended, dangerous actions on the host system. For example, if an attacker enters '; DROP TABLE Customers; in an input field, this might cause the system to delete the Customers table, a well-known »SQL Injection« attack. In this post, I will explain how new analyses in Teamscale can efficiently detect vulnerabilities for such attacks and report them to developers.
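To make the mechanism behind this example concrete, here is an added Python illustration (not code from the post or from Teamscale): the vulnerable string concatenation beside its parameterised form, with a tiny dynamic taint marker standing in for the static data-flow analysis the post announces. The Customers sample data, the Tainted marker and the function names are constructed for this example.

```python
import sqlite3

class Tainted(str):
    """Marks a string that came from an untrusted source (e.g. a web form).
    Concatenating a tainted string with anything yields a tainted string."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

class TaintError(Exception):
    """Raised when untrusted data reaches the SQL sink as query text."""

def make_db():
    # Constructed sample data for this example (in-memory, not from the post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (name TEXT, city TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?)",
                     [("alice", "Passau"), ("bob", "Munich")])
    return conn

def run_sql(conn, sql, params=()):
    """The sink: refuses query text that carries taint, then executes it."""
    if isinstance(sql, Tainted):
        raise TaintError("untrusted data reached SQL sink: " + repr(str(sql)))
    return [row[0] for row in conn.execute(sql, params)]

def city_of_vulnerable(conn, name):
    # Concatenation: a quote in the input closes the literal and the rest
    # of the input is parsed as SQL, exactly the '; DROP TABLE Customers; case.
    sql = "SELECT city FROM Customers WHERE name = '" + name + "'"
    return run_sql(conn, sql)

def city_of_hardened(conn, name):
    # Parameterised query: the SQL text is a constant, the input is bound as
    # a value, so the payload is compared as a literal name and matches nothing.
    return run_sql(conn, "SELECT city FROM Customers WHERE name = ?", (name,))

def is_flagged(fn, conn, name):
    """True if the taint check stops fn before the database sees the query."""
    try:
        fn(conn, Tainted(name))
        return False
    except TaintError:
        return True

def table_row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM Customers").fetchone()[0]
```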