Taint Analysis (Taint Tracking/Checking)

Taint analysis is a technique that is mostly used to detect security vulnerabilities. It tracks information flow through a program. Untrusted input and sensitive data are often the information that are tracked in a taint analysis. A list of common security vulnerabilities which can be detected by taint analysis:

• SQL Injection (cwe-89)
• OS Command Injection (cwe-78)
• XXS (cwe-79)
• Cross-Site Request Forgery (cwe-352)
• Path Traversal (cwe-22)
• Missing Authentication for Critical Function (cwe-306)
• Use of Hard-coded Credential (cwe-789)
• Missing Encryption of Sensitive Data (cwe-311)
• Open Redirect (cwe-601)
• and many more …