How to choose a static analysis tool

Tools to improve and control code quality can be a key success factor in a complex software project implementation. Static analyzers belong to such tools. Nowadays, you can find various static analyzers: from free open-source to cross-functional commercial solutions. On the one hand, it’s great – you can choose from many options. On the other hand – you have to perform advanced research to find the right tool for your team.


XSS: attack, defense – and C# programming

XSS – or cross-site scripting – is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let’s figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we’re at it, we’ll talk about ways you can protect yourself from XSS.


Pentest Insights: Choosing a Tool for Traffic Analysis and Interception

GUEST POST

Author David Balaban

Traffic analysis is a very important stage of penetration testing. In packets transmitted over the network, you can find many interesting things, for example, passwords for accessing various resources and other valuable data. To intercept and analyze traffic, sniffers are used, and a great many of them have been invented. Today I will talk about several popular sniffers for Windows.


Using Static Analysis Online [Compiler Explorer]

Do you want to try a static analyzer but you don’t feel like installing it and figuring things out? That’s OK 😊

This video will tell you how to do it online and, most importantly, for free. By the way, this website allows you to check if your code compiles 😉

Code from video.

Have fun watching this video and coding 🙂

Optimization of .NET applications: a big result of small edits

Today we’re going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.


How to Use Mass Suppression in PVS-Studio for C#?

Have you just run the analyzer and now you have no idea what to do with all this abundance of warnings? 📜 Nothing to worry about – we made a special mechanism that can help you deal with them 💪🏻

In this video, you’ll learn about the inner workings of the mass warning suppression mechanism in PVS-Studio for C#. If you’re interested in other programming languages, follow the links below 🙂

Mass Suppression in PVS-Studio for C++

Mass Suppression in PVS-Studio for Java

Have fun watching this video and coding 🙂

A beautiful error in the implementation of the string concatenation function

We, the PVS-Studio static code analyzer developers, have a peculiar view on beauty. On the beauty of bugs. We like to find grace in errors, examine them, try to guess how they appeared. Today we have an interesting case when the concepts of length and size got mixed up in the code.


Enums in C#: hidden pitfalls

C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work under the hood but still write code and remain easy-going about this. Though you still have to deal with different nuances over time. Today, we’ll look at one such subtle aspect – handling enumerations.


How to Use Mass Suppression in PVS-Studio for Java?

Have you just run the analyzer and now you have no idea what to do with all this abundance of warnings? 📜 Nothing to worry about – we made a special mechanism that can help you deal with them 💪🏻

In this video, you’ll learn about the inner workings of the mass warning suppression mechanism in PVS-Studio for Java. If you’re interested in other programming languages, follow the links below 🙂

Mass Suppression in PVS-Studio for C++

Mass Suppression in PVS-Studio for C#

Have fun watching this video and coding 🙂