Integrated Approach to Detect Vulnerabilities in Source Code

Journal Title: UNKNOWN - Year 2015, Vol 4, Issue 3

Abstract

Nowadays, security breaches are increasing sharply in number. They are one of the major threats faced by most organisations and usually lead to massive losses. A major cause of these breaches could be vulnerabilities in software products. Although secure coding standards such as CERT (Computer Emergency Response Team) exist, software developers fail to use them, which leads to an insecure end product. The difficulty of manually analysing source code for vulnerabilities is what led to the evolution of automated analysis tools. Static and dynamic analysis are the two complementary methods used to detect vulnerabilities in source code: static analysis scans the source code without executing it, whereas dynamic analysis tests the code by executing it. Each has its own pros and cons. The proposed approach helps developers correct the vulnerabilities in their code by integrating static and dynamic analysis for C and C++. This overcomes the trade-offs of the existing practices and helps developers in the most efficient way. It deals with common buffer overflow vulnerabilities, format string vulnerabilities and improper input validation. The whole scenario is implemented as a web application.

How To Cite

(2015). Integrated Approach to Detect Vulnerabilities in Source Code. UNKNOWN, 4(3), -. https://europub.co.uk/articles/-A-357464