Psalm detects several taint types in user input, such as SQL code, shell commands, and client-side code. The tool is also highly configurable in order to reduce false positives. The taint analysis feature was added after the security team at Vimeo found that commercial tools of this kind produced too many false positives.
“In 2018 we tried a product from RIPS Tech (now part of SonarQube) and it generated a 1,200-page PDF report, and none of the issues were exploitable on vimeo.com,” Psalm developer Matthew Brown told The Daily Swig. After reading about Facebook’s taint analysis tool, Brown decided to implement a similar feature in Psalm.
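As an added illustration (not code from the article or from the Psalm project), the PHP below shows the kind of source-to-sink flow Psalm reports when run with `psalm --taint-analysis`, next to a version that passes because the value travels as a bound parameter; the `toPositiveInt` helper is a hypothetical name used to show how the `@psalm-taint-escape` annotation lets a project mark its own sanitisers and cut false positives.

```php
<?php
// Added example, not from the article. Run: vendor/bin/psalm --taint-analysis
// Psalm treats superglobals such as $_GET as taint sources and
// PDO::query() as a "sql" sink.

/** Reported as TaintedSql: request data is concatenated into the query text. */
function findUserVulnerable(PDO $db): ?array
{
    $id = $_GET['id'] ?? '';
    $stmt = $db->query("SELECT id, name FROM users WHERE id = " . $id);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/** Not reported: the same input is passed as a bound parameter, never as SQL. */
function findUserSafe(PDO $db): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $_GET['id'] ?? '']);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/**
 * Hypothetical project sanitiser. The annotation tells Psalm that the
 * return value no longer carries the "sql" taint, so callers that put it
 * into a query are not reported. Use it only on functions that really
 * neutralise the input, as here where only a non-negative integer can leave.
 *
 * @psalm-taint-escape sql
 */
function toPositiveInt(string $raw): int
{
    return max(0, (int) $raw);
}

/** Not reported because of the annotation on toPositiveInt(). */
function countRecentOrders(PDO $db): int
{
    $limit = toPositiveInt($_GET['limit'] ?? '10');
    return (int) $db->query("SELECT COUNT(*) FROM orders LIMIT " . $limit)->fetchColumn();
}
```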