Locate even the most elusive programming bugs and identify where code can be susceptible using Klocwork static analysis for C, C++, Java, and C# source code. Apply industry and security standards using pre-configured checkers, or create your own custom checkers to support your organization’s quality, SLA, and security mandates.
Klocwork detects all OWASP Top 10 vulnerabilities:
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
Klocwork finds hundreds of errors on well-validated, feasible execution paths by applying inter-procedural control flow, data flow, value-range propagation, and symbolic logic evaluation.
See the kinds of issues Klocwork finds, complete with selected bug examples, including code snippets and detailed descriptions.