For example, Fortify 360 Static Application Security Testing technology can examine source code and pick out exposures that result from poor or hurried programming. If a programmer has created a form where a user is to enter a zip code, but leaves space for 32 characters to be entered instead of five, 360 SAST would detect that. If the zip code were to be loaded from the form into a database, a 32-character space would open the door to an SQL injection attack. A hacker could put an SQL statement where the zip code was supposed to go and the database would act on it, once the injection was uploaded.
The link for this article located at Information Week is no longer available.
