Defect and Vulnerability Detection

Locate even the most elusive programming bugs and identify where code can be susceptible using Klocwork static analysis for C, C++, Java, and C# source code. Apply industry and security standards using pre-configured checkers, or create your own custom checkers to support your organization’s quality, SLA, and security mandates.

Klocwork detects all OWASP Top 10 vulnerabilities:

  • OWASP LogoInjection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Know Vulnerabilities
  • Unvalidated Redirects and Forwards

Klocwork finds hundreds of errors on well-validated, feasible execution paths by applying inter-procedural control flow, data flow, value-range propagation, and symbolic logic evaluation.

See the kinds of issues Klocwork finds, complete with selected bug examples, including code snippets and detailed descriptions.

About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You’ll find everything about OWASP linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend any product or service This allows our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.