Also known as Source Code Analysis, Static Code Analysis is usually done as part of white-box testing or Code Review. It is performed at the implementation phase of the Security Development Lifecycle. Static Code Analysis usually refers to running SCA tools that try to highlight possible vulnerabilities in non-running (static) source code, using methods such as Data Flow Analysis and Taint Analysis. Ideally, such tools would find security flaws with a high level of confidence that what is detected is really an error, but this is not achievable for many kinds of application security flaws. Such tools therefore often function as aids for analysts, helping them locate the security-relevant parts of the code so that they can detect errors more effectively.
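To make the Taint Analysis mentioned above concrete, the following is an added example (not code from the original page or from any particular SCA product). It is a deliberately small, intra-procedural taint tracker built on Python's standard `ast` module: calls to a configured set of sources mark a value as tainted, taint propagates through assignments, string concatenation and f-strings, a configured set of sanitizers clears it, and a finding is reported when a tainted value reaches a configured sink. The source, sink and sanitizer names, and the sample program it scans, are constructed for the demonstration.

```python
import ast

# Constructed policy: which calls introduce, clear, or consume untrusted data.
SOURCES = {"input", "request.args.get"}          # attacker-controlled input
SINKS = {"os.system", "subprocess.call", "cursor.execute"}  # dangerous consumers
SANITIZERS = {"shlex.quote", "html.escape"}      # calls that neutralise taint


def qualname(node):
    """Dotted name of a call target, e.g. 'os.system'; None if not a plain name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintAnalyzer(ast.NodeVisitor):
    """Flow-insensitive, intra-procedural taint tracking over a module."""

    def __init__(self):
        self.tainted = set()     # variable names currently holding tainted data
        self.findings = []       # (line number, sink name) pairs

    def is_tainted(self, node):
        """Recursively decide whether an expression may carry tainted data."""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            fn = qualname(node.func)
            if fn in SOURCES:
                return True
            if fn in SANITIZERS:
                return False
            # Method call on a tainted receiver (e.g. name.strip()) stays tainted.
            if isinstance(node.func, ast.Attribute) and self.is_tainted(node.func.value):
                return True
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):          # "ls " + name
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):      # f"...{name}..."
            return any(self.is_tainted(v.value)
                       for v in node.values if isinstance(v, ast.FormattedValue))
        return False

    def visit_Assign(self, node):
        # Propagate taint to the assigned names; a clean RHS clears earlier taint.
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        fn = qualname(node.func)
        if fn in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, fn))
        self.generic_visit(node)


def analyze(source_code):
    """Return [(line, sink), ...] for every sink reached by tainted data."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source_code))
    return analyzer.findings


# Constructed sample program to scan (it is parsed, never executed).
SAMPLE = '''
import os, shlex
name = input()
cmd = "ls " + name
os.system(cmd)                  # line 5: tainted data reaches a sink
safe = shlex.quote(name)
os.system("ls " + safe)         # line 7: sanitised, no finding
os.system("ls /tmp")            # line 8: constant, no finding
query = f"SELECT * FROM t WHERE n='{name}'"
cursor.execute(query)           # line 10: tainted data reaches a sink
'''

if __name__ == "__main__":
    for line, sink in analyze(SAMPLE):
        print(f"line {line}: tainted value reaches {sink}")
```

The analyzer is flow-insensitive (it ignores branches and loops) and only looks inside one module, so on real code it both misses flows that cross function or file boundaries and reports cases a human would recognise as safe. That gap is exactly why the text above describes SCA tools as aids for an analyst rather than as oracles: their value is in pointing the reviewer at the source-to-sink paths worth reading, not in deciding on their own.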