...
- Input from the user is considered as tainted (possibly controlled by adversary), i.e user is considered as a untrusted source
- Data is used, assuming it is untainted (must not be controlled by adversary), i.e. sensitive data sinks rely on trusted (untainted) data
Source locations are those code places from where data comes in, that can be potentially controlled by the user (or the environment) and must consequently be presumably considered as tainted (it may be used to build injection attacks).
Sink locations are those code places where consumed data must not be tainted.
| Info |
|---|
The goal of Tainted Flow Analysis is to detect tainted data flows: For all possible sinks, prove that tainted data will never be used where untainted data is expected. Kiuwan implements Tainted Flow Analysis by inferring flows in the source code of your application:
|
...