Code review technology has become a pivotal part in the construction of network security.Analysis of the test reports obtained by the current code auditing system shows that there are many false positives in the report.The shortcomings in the development of the code audit system were summarized
the principles of different detection algorithms were briefly described
the causes of false alarm rates were analyzed
corresponding optimization ideas were proposed
the technical principles of optimization were explained
and the application scenarios of optimization schemes were described.
关键词
Keywords
references
罗琴灵 . 基于静态检测的代码审计技术研究 [D ] . 贵阳:贵州大学 , 2015 .
LUO Q L . Research on code audit technology based on static detection [D ] . Guizhou:Guizhou University , 2015 .
WANG Y N . Design and implementation of a XSS vulnerability grey box detection scheme [D ] . Chengdu:University of Electronic Science and Technology of China , 2017 .
LIANG Y Y , XU T , NING J C , et al . The important value of code audit work in the whole security system [J ] . Network and Computer Security , 2012 ( 12 ): 32 - 34 .
LIU Y , HONG J B . A dynamic detection method based on Web crawler and page code behavior for XSS vulnerability [J ] . Telecommunications Science , 2016 , 32 ( 3 ): 87 - 91 .
乔涛 . 跨站脚本漏洞检测与防御技术研究 [D ] . 扬州:扬州大学 , 2017 .
QIAO T . Research on cross-site scripting vulnerability detection and defense technology [D ] . Yangzhou:Yangzhou University , 2017 .
LI Z , ZOU D Q , WANG Z L , et al . Survey on static software vulnerability detection for source code [J ] . Chinese Journal of Network and Information Security , 2019 ( 2 ): 2 - 4 .
HUANG X G , WANG P , LIU J J , et al . Research on source code static testing technology based on tool detection [J ] . Computer Programming Skills & Maintenance , 2019 ( 5 ): 17 - 19 .