SiteShadow

Proof pages

Security examples developers can inspect.

SiteShadow proof pages show the vulnerable flow first, then explain why taint tracking matters: sources, helper functions, sinks, and fixes in plain code.

Published proof

Why regex-based SAST misses multi-hop SQL injection

A source-to-sink walkthrough showing how user input can cross helper functions before it reaches a SQL query, and why pattern matching alone can miss the connected flow.

SQL injection static analysis Taint tracking SAST Regex SAST limits
Read proof

Published proof

Why pattern-only SAST flags DOMPurify as a false positive

The same source-and-sink pattern looks identical with or without a recognized sanitizer. See how SiteShadow recognizes DOMPurify-wrapped code while still flagging the unsanitized version, a practical false-positive reduction example.

DOM-based XSS Sanitizer recognition False-positive reduction
Read proof

Published proof

Why subprocess(shell=True) is the command-injection trap pattern-only SAST misses

Modern Python reaches for subprocess, safer with an args list, dangerous as soon as shell=True turns it back into a shell-formed string. See the trap, the structural fix (args-list, not a wrapper), and the shlex.quote() sanitizer SiteShadow recognizes.

Command injection subprocess shell=True shlex.quote recognition H06 heuristic
Read proof

Coverage proof

Detection Coverage

A technical coverage page showing supported languages, vulnerability classes, benchmark methodology, current benchmark evidence, and limitations. This is the source a buyer should read before accepting any broad coverage claim.

Languages and taint status Benchmark methodology Known limitations
Read coverage