CPSC 420 Chapter Notes - Chapter 7: Penetration Test, Deployment Environment
Document Summary
The static analysis finds weaknesses in the code at the exact location. So, the software developers know exactly where to go to find the vulnerability and can work on solving the issue. It enables them to work faster for fixes. The level of action should be determined by what the issue is and what the report from the analyser says. The analysis helps the developer to understand whether this error is fatal and prevent further failures. The analyzer sorts out errors by the level of certainty and simplifies the work. Thus, the developer can focus only on high-level errors and disable those with a high percentage of false positives. The high level errors and vulnerabilities should take priority while the smaller errors can wait or even be ignored if they do not cause a disruption or create an opening for an attacker. Purpose- defining goals in terms of technology and business is crucial to determining the scope and time frame.
