• Main Menu
  • How to Find Security Vulnerabilities in Source Code


    The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.

    Source code security vulnerabilities will vary between languages and platforms.

    Items to look for in C code include:

    Potential vulnerability Function calls to examine for vulnerabilities
    Buffer overflows gets(), scanf(), sprintf(), strcat(), strcpy()
    Format string vulnerabilities printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog()
    Race conditions access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), tmpnam()
    Random number acquisition vulnerabilities rand(), random()
    Shell metacharacter vulnerabilities exec(), popen(), system()

    Automated Source Code Security Vulnerability Scanners

    There are intelligent tools available to help you examine large amounts of source code for security vulnerabilities.

    The Boop ToolkitUtilizes abstraction and refinement to determine the reachability of program points in a C program

    Tool Description
    Flawfinder Examines source code and reports possible security vulnerabilities
    RATS from Secure Software Solutions Scans C, C++, PERL, PHP and Python source code for potential security vulnerabilities.
    PScan A limited problem scanner for C source files
    BOON Buffer Overrun detectiON
    MOPS MOdelchecking Programs for Security properties
    Cqual A tool for adding type qualifiers to C
    MC Meta-Level Compilation
    SLAM Microsoft
    ESC/Java2 Extended Static Checking for Java version 2
    Splint Secure Programming Lint
    Blast Berkeley Lazy Abstraction Software Verification Tool
    Uno Simple tool for source code analysis
    PMD Scans Java source code and looks for potential problems
    C++ Test Unit testing and static analysis tool

    For more information regarding source code scanners, read Source Code Scanners for Better Code in the Linux Journal.

    For more information regarding secure programming, read the Secure Programming for Linux and Unix HOWTO.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    Secure Programming
    174 queries in 0.443 seconds.