SPARROW detects the security weakness and defect that occur while the program runs with great accuracy.
SPARROW is the top static analysis tool in Korea that detects security weakness and execution error during the development phase through source code analysis. SPARROW, developed by Fasoo.com, has a globally competitive source code analysis technology that boasts of speedy analysis and accurate detection. The tool has an edge over other static analysis tools with machine learning technology, which boosts of the developer’s efficiency. It is now widely used across public/defense/finance/corporate sectors that use software tools.
-
Software Quality Diagnostic Tools
SPARROW QCE is a tool that detects source code errors that can cause software problems such as memory leak and null pointer dereference. It provides various coding standard guidelines and prevents program defects caused by execution errors from the development phase, and eventually improves source code quality. It complies with local/offshore coding standards required for automobile, defense, and aircraft industries, and the IoT (embedded) sector.
- Defense Acquisition Program Administration Coding Rules
- CERT, OWASP, PCI DSS
- MISRA-C++(2008),MISRA-C(1998, 2004, 2012), BSSC, HIS, HIC++, JPL, JSF C++, MSDN C#
-
Secure Coding Diagnostic Tools
SPARROW SCE is a secure coding diagnosis tool that detects weaknesses in source code that can breach security such as cross site script (XSS) or SQL injection. It detects weak points in security during the development phase, thereby preventing security accident. It satisfies local security requirements and offshore security coding guideline of the Ministry of the Interior, Electronic Finance Supervisory Regulations, or the National Intelligence Service. In addition, the web and mobile applications support software development in the IoT environment.
- Protects against 47 source code security weaknesses identified by the Ministry of the Interior
- Protects against security weaknesses identified by the National Intelligence Service
- Protects against weak points according to the Article 17 of Electronic Financial Supervisory Regulations
- Protects against CWE, CERT, SANS Top 25, OWASP Top 10
SPARROW has been proven for its quality and technology by GS, CC, and ISO 26262 certificates, and used in various sectors including public, finance, and business.
Main Function
SPARROW analyzes one million lines per hour with high accuracy (OWASP benchmark score 94.8).
It provides high-quality application development environment through central management and intelligent service.
-
Central Rule Management
Central management system sets up rules to be applied for each project, which makes it possible to use enterprise-wide source code screening policy.Customizable Dashboard/Statistics/Reports
Items in dashboard/statistics/reports can be customized to show the weaknesses detected and the actions taken to correct them.Supports efficient source code analysis
Time spent on source code screening and editing can be cut by analyzing the changed source code only.Supports various framework
Complicated source code based on multiple frameworks can be analyzed accurately through an analysis of framework setting files such as Spring and ProFrame and source code data. -
Active Edit Code Suggestion
Developers can edit errors with ease as the system shows possible suggestion.Intelligent Issue Clustering
Reduces code editing time for developersVarious Programming Language
Supports Java, JSP, C/C++, C#, XML, PHP, ASP.NET, VB.NET, Javascript, VBScript, Objective-C, HTML, SQL, ABAP, SWIFT, APEX
SPARROW Compatible Environment
| Item | Requirements |
|---|---|
| Language | C/C++, Java, JSP, C#, XML, PHP, ASP.NET, VB.NET, Javascript, VBScript, Android Java, Objective-C, HTML, SQL, ABAP |
| Framework | Java: e-government, Spring Framework, IBATIS, MYBATIS, Struts2 C : Tmax ProFrame C# : ASP.NET MVC Supports Tobesoft platform (MiPlatform, XPlatform, Nexacro) |
| Compatible system | Issue tracking system: Redmine, Jira CI(Continuous Integration) tool: Jenkins, Teamcity Version control system : Git, Subversion, Microsoft Team Foundation Server |
| Plug in | Eclipse(3.2 or above) Visual Studio(2005~2013) Proframe Studio IntelliJ, Android Studio - Eclipse Based Tool (IBM RAD, etc) |
WISESTONE is a partner of Fasoo.com.
