If you’re concerned about application security and what it means for code, then you’ve probably heard of the Open Web Application Security Project (OWASP). This organization is an international not-for-profit foundation dedicated to improving software security through education. Developers use the OWASP Top 10 list of common and exploitable security vulnerabilities to protect their applications and users. The list is based on over five hundred thousand vulnerabilities and is referenced by many standards, books, and organizations including NIST, DISA and the World Wide Web Consortium (W3C).
Let’s examine three vulnerabilities on OWASP’s 2013 list to see how Klocwork’s static analysis helps find them for you.