Static Security Analysis Based on Input-Related Software Faults

Download Now Free registration required

Executive Summary

It is important to focus on security aspects during the development cycle to deliver reliable software. However, locating security faults in complex systems is difficult and there are only a few effective automatic tools available to help developers. In this paper, the authors present an approach to help developers locate vulnerabilities by marking parts of the source code that involve user input. They focus on inputrelated code, since an attacker can usually take advantage of vulnerabilities by passing malformed input to the application. The main contributions of this work are two metrics to help locate faults during a code review, and algorithms to locate buffer overflow and format string vulnerabilities in C source code.

  • Format: PDF
  • Size: 456.34 KB