What is Taint Analysis and SQL Injection?

Code analysis exists so that bugs and other problems can be ironed out and the code made as airtight as possible. There are as many ways to check your code as there are risks to look for, whether to security or to the stability of your program. Static Code Analysis is the act of examining your code without running or debugging it. One of the many checks to perform while analyzing your code is taint analysis.

What is a tainted variable?

Any interactive program has plenty of places where users can input data, and that data is sorted and put where it needs to go: names, addresses, phone numbers, credit cards, even social security numbers. But what if a user inputs data that doesn't match what your program is looking for? The wrong input can lead to a bunch of errors, which is good for nobody. Taint Analysis means going through every single variable in your code that can be influenced by user input and checking what can happen if it's abused. There are programs that make a list of every variable and warn you about the ones that hold crucial data and the ones that can be manipulated to get past the system's security.

How to check for tainted variables

SQL Injection is a popular method of hacking into database-driven applications or websites. It's also a common tool for finding faults in your security. SQL statements are used to access the databases behind these applications, and they can be used nefariously through input fields such as a login page or a search bar for finding a certain product. Adding a simple boolean statement can hijack the database and give the user all the data, or the power to erase all the data completely. These statements can easily give the hacker access to an entire database full of users and passwords, data invisible to the public, and customers' online payment info, and it's not a complicated process either. But there are tools out there that can help you find these errors and fix them quickly.

If you have an SQL vulnerability, a Static Code Analysis tool will identify the error and point it out to you. These tools can help you find tainted variables with little difficulty so you can rework the code around the issue.
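To make the idea concrete, here is a small taint checker added as an illustration (it is not from the original article or from any particular tool). It parses a constructed sample program without running it, marks variables derived from user input as tainted, and reports where a tainted value becomes the SQL text of a query. The names SOURCES, SINKS, SAMPLE and both functions are assumptions for this example, and it only follows straight-line, top-level code.

```python
import ast

# Constructed sample program to analyse (parsed only, never executed).
SAMPLE = '''
name = input("user: ")
limit = 10
query = "SELECT * FROM users WHERE name = '" + name + "'"
cur.execute(query)
cur.execute("SELECT * FROM users WHERE name = ?", (name,))
cur.execute(f"SELECT * FROM users LIMIT {limit}")
'''

SOURCES = {"input"}    # assumption: functions that return user-controlled data
SINKS = {"execute"}    # assumption: methods whose first argument is SQL text

def is_tainted(node, tainted):
    """True if the expression uses a tainted name or calls a taint source."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if (isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name)
                and sub.func.id in SOURCES):
            return True
    return False

def find_tainted_queries(source):
    """Return line numbers where tainted data reaches the SQL text argument."""
    tainted, findings = set(), []
    for stmt in ast.parse(source).body:
        if isinstance(stmt, ast.Assign):
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    # Taint follows the assigned value; a clean value clears it.
                    if is_tainted(stmt.value, tainted):
                        tainted.add(target.id)
                    else:
                        tainted.discard(target.id)
        for call in ast.walk(stmt):
            if (isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute)
                    and call.func.attr in SINKS and call.args
                    and is_tainted(call.args[0], tainted)):
                findings.append(call.lineno)
    return findings

if __name__ == "__main__":
    for line in find_tainted_queries(SAMPLE):
        print(f"line {line}: user input reaches the SQL text")
```

Only the concatenated query is reported. The parameterized call passes the same user input as a bound value rather than as SQL text, which is the usual way to rework code around a finding like this.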

Todd Towles

Regional Sales Manager, Frontgrade Technologies (Formerly CAES/Cobham)
