Taint Analysis (Taint Tracking/Checking)
Taint analysis is a technique that is mostly used to detect security vulnerabilities. It tracks information flow through a program. Untrusted input and sensitive data are often the information that are tracked in a taint analysis. A list of common security vulnerabilities which can be detected by taint analysis:
- SQL Injection (cwe-89)
- OS Command Injection (cwe-78)
- XXS (cwe-79)
- Cross-Site Request Forgery (cwe-352)
- Path Traversal (cwe-22)
- Missing Authentication for Critical Function (cwe-306)
- Use of Hard-coded Credential (cwe-789)
- Missing Encryption of Sensitive Data (cwe-311)
- Open Redirect (cwe-601)
- and many more …