- Static Analysis(Code Review)
- API Testing
Static Analysis(Code Review)
Ask anything you need to know to achieve stable software quality and to meet launching schedule. We can find potential issues and errors that may hinder your path to success.
Static code analysis uses a code analysis tool to track code and to identify errors that are noncompliant to development standards to allow the development team to correct them early on.
WISESTONE conducts static analysis using SPARROW, the source code security weakness analysis tool of Fasoo.com which gained security related certificate for the first time in Korea.
Codes that are noncompliant with the standards are potential issue. Detect any risk factor in your software in the development phase so the launching schedule could be met.
Our static analysis service secures software stability at lower costs as it helps you to detect and correct potential errors.
Static Analysis Process
About SPARROWSPARROW is a leading static analysis tool based on semantic analysis engine, which identifies with great accuracy security weaknesses and defects in program execution that are not found easily during source code analysis.
It detects the 47 security weaknesses announced by the Ministry of Interior, and noncompliances with standards such as OWASP, CWE, CERT, MISRA, and BSSC. Its speedy analysis produces results twice as fast as any foreign static analysis tool. It analyzes large-scale source codes accurately and swiftly, and its quality and technology have been verified by GS and ISO 26262 certificates.
SPARROW is the most effective static analysis tool that achieved CC certificate for source code security weaknesses and satisfies software development security and quality requirements. WISESTONE is a partner of Fasoo.com.
Benefits of Static Analysis
Static analysis detects and eliminates potential errors that may critically undermine security of an application and reduces time-to-market.
Scope of Verification
Buffer Overflow, Null Pointer, Divided by Zero, Memory Leak, Resource Leak, Uninitialized variable.. etc
Dead Code, Unreachable Code, Ignored Return Value, Useless Values 등
Coding standards violations
MISRA-C:1998, MISRA-C:2004, High Integrity C++, CERT – C, C++, JAVA, SW development security guideline by the Ministry of Interior, and Electronic Finance Supervisory Regulations
Why Choose Us
- We help our customers to detect and correct errors early on in the development life cycle, so they could meet their launching schedule and save costs on quality control at a later phase of development.
- Our test professionals have extensive experience across all aspects of domain quality control.
- Our unique OWL PnF Methodology produces test results in accordance with standard protocol.