Interview Questions on Fortify Static Code Analyzer


1. What is static code analysis?

Ans: Static code analysis is a method of automating the debug process of source code before the program is executed.

2. What are the four steps in software development methodologies?

Ans:

a. Plan
b. Build
c. Test
d. Field

3. What are the four traditional stages of the code review cycle?

Ans:

a. Establish goals
b. Run the static analysis tool
c. Review the code
d. Bug fixing

4. What is Fortify SCA?

Ans: Fortify SCA is a static application security testing (SAST) tool. It is used by developers and security professionals.

5. What are the features of the Fortify analyzer?

Ans:

a. Translates source code to an intermediate translated format.
b. Scans the translated format and generates reports on the vulnerabilities.
c. Audits the results of the scan.

6. What are the reasons for the success of Fortify?

Ans:

a. Comprehensive
Fortify SCA works with a wide variety of languages, frameworks and platforms, so it can be integrated with security reviews in development and production environments.
b. Accurate
Fortify provides accurate results by prioritizing the vulnerabilities and generating risk-ranked issues.
c. Flexible
Fortify can be integrated with any development environment.
d. Efficient
Increases the productivity of programs through incremental scanning.
e. Scalable
Fortify SCA can identify the risks in all types of applications.
f. On-premises or On-Demand
Fortify SCA is used on premises for deployment, management and application security testing.
g. Integration
Fortify can be integrated with many build tools, namely:

a. Eclipse
b. SonarQube
c. Jenkins
d. Maven

7. What are the six types of analyzers in static code analyzers?

Ans:

a. Data flow
b. Control flow
c. Semantic
d. Structural
e. Configuration
f. Buffer

8. What is the use of the data flow analyzer?

Ans: Detects the flow of data between source and sink.

9. What is the use of the control flow analyzer?

Ans: Helps in detecting the critical operation sequences.

10. What is the use of the semantic analyzer?

Ans: Detects potential vulnerabilities in the use of functions and APIs.
