In the previous chapters, we saw how to identify vulnerabilities in web applications. We used tools from Kali Linux to find out injection flaws, scripting flaws, and several other common vulnerabilities. We know that web applications include parameters that are not easy to identify and we need a more comprehensive approach to find vulnerabilities.
To improve the security and robustness of the application further, we can perform static code analysis on the source code of the application, which will help identify improper programming practice and coding problems that an attacker can exploit. However, static analysis has some limitations. It only evaluates the application in a non-live state. Performing static analysis of the source code won't help you find how the application will behave when it's running live and when clients interact with it. To use the static analysis method, we also need to have access to the source code of the application.
A more effective...