17 Jan Practice Test Question – Static Code Analysis Techniques
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
What static code analysis technique seeks to identify the variables in a program that may contain user input?
A. Lexical analysis
B. Taint analysis
C. Control flow analysis
D. Signature detection
Correct Answer: B
Taint analysis traces variables that may contain user input and ensures that they are sanitized before being used by a potentially vulnerable function. Lexical analysis converts source code into a tokenized form. Control flow analysis traces the execution path of code. Signature detection looks for known patterns of malicious activity.
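To make the correct answer concrete, here is a small taint tracker built on Python's `ast` module; it is an added example, not part of the original question. The source, sanitizer and sink sets are assumptions chosen for illustration, the sample program is constructed, and the analysis covers straight-line code in a single scope only.

```python
import ast

SOURCES = {"input"}                  # calls that return user input (assumed set)
SANITIZERS = {"shlex.quote", "int"}  # calls whose result is treated as clean (assumed set)
SINKS = {"os.system", "eval"}        # potentially vulnerable functions (assumed set)

def call_name(node):
    """Dotted name of a call target such as 'os.system', or None if it is not a plain name."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if not isinstance(f, ast.Name):
        return None
    return ".".join(reversed(parts + [f.id]))

def is_tainted(expr, tainted):
    """True if expr may carry user input, given the set of currently tainted variables."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = call_name(expr)
        if name in SOURCES or name in SANITIZERS:
            return name in SOURCES
    # Anything else (concatenation, other calls, ...) is tainted if any part of it is.
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))

def find_tainted_sinks(source):
    """Return (line, sink) for every sink call that receives unsanitized user input."""
    tainted, findings = set(), []
    for stmt in ast.parse(source).body:          # statements in program order
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call) and call_name(node) in SINKS:
                if any(is_tainted(arg, tainted) for arg in node.args):
                    findings.append((node.lineno, call_name(node)))
        if isinstance(stmt, ast.Assign):         # propagate or clear taint on assignment
            dirty = is_tainted(stmt.value, tainted)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    (tainted.add if dirty else tainted.discard)(target.id)
    return findings

# Constructed sample: line 4 passes raw input to a sink, line 6 passes sanitized input.
SAMPLE = '''import os, shlex
name = input()
cmd = "echo " + name
os.system(cmd)
safe = "echo " + shlex.quote(name)
os.system(safe)'''

print(find_tainted_sinks(SAMPLE))
```

Only the call on line 4 is reported: the taint on `name` propagates through the concatenation into `cmd`, while the `shlex.quote` call clears it before the second `os.system`.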