How can I find security vulnerabilities in my source code?

The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.

Source code security vulnerabilities will vary between languages and platforms.

Items to look for in C code include:

Potential vulnerability	Function calls to examine for vulnerabilities
Buffer overflows	gets(), scanf(), sprintf(), strcat(), strcpy()
Format string vulnerabilities	printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog()
Race conditions	access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), tmpnam()
Random number acquisition vulnerabilities	rand(), random()
Shell metacharacter vulnerabilities	exec(), popen(), system()

Automated Source Code Security Vulnerability Scanners

There are intelligent tools available to help you examine large amounts of source code for security vulnerabilities.

Tool	Description
Flawfinder	Examines source code and reports possible security vulnerabilities
RATS from Secure Software Solutions	Scans C, C++, PERL, PHP and Python source code for potential security vulnerabilities.
ITS4 from Cigital	Scans source code looking for potentially vulnerable function calls and preforms source code analysis to determine the level of risk
PScan	A limited problem scanner for C source files
BOON	Buffer Overrun detectiON
MOPS	MOdelchecking Programs for Security properties
Cqual	A tool for adding type qualifiers to C
MC	Meta-Level Compilation
SLAM	Microsoft
ESC/Java2	Extended Static Checking for Java version 2
Splint	Secure Programming Lint
MOPED	A Model-Checker for Pushdown Systems
JCAVE	JavaCard Applet Verification Environment
The Boop Toolkit	Utilizes abstraction and refinement to determine the reachability of program points in a C program
Blast	Berkeley Lazy Abstraction Software Verification Tool
Uno	Simple tool for source code analysis
PMD	Scans Java source code and looks for potential problems
C++ Test	Unit testing and static analysis tool

For more information regarding source code scanners, read Source Code Scanners for Better Code in the Linux Journal.

For more information regarding secure programming, read the Secure Programming for Linux and Unix HOWTO.

Find source code vulnerabilities in your code with the help of these books on secure programming from Amazon.com

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers.

Vulnerability Management for Dummies:

Explains the critical need for vulnerability management
Details the essential best-practice steps of a successful vulnerability management program
Outlines the various vulnerability management solutions - including the advantages and disadvantages of each
Highlights the award-winning QualysGuard vulnerability management solution
Provides a ten point checklist for removing vulnerabilities from your key resources

Try a free virus scan at Kaspersky today.