FlawFinder
alexandra.lacatus@info.uaic.ro
FCS Iasi, Software Engineering
About
- Examines source code and reports possible security weaknesses ("flaws")
- Written in Python
- Command-line interface only, no GUI
- Categorizes issues by risk level (0 to 5)
- Similar to RATS, PScan and ITS4

Software Security, FCS Iasi, 2013
How does it work
Based on a built-in database (ruleset) of C/C++ functions with well-known problems:
- Buffer overflow risks (strcpy, strcat, gets, sprintf, scanf)
- Format string problems (printf, snprintf, syslog)
- Race conditions (access, chown, chgrp, chmod, etc.)
- Potential shell metacharacter dangers (exec, system, popen)
- Poor random number acquisition (random)
The match is lexical: a call is flagged by function name, without tracking where its arguments come from, so every hit needs a manual review and false positives are expected.

Usage

flawfinder [--help] [--listrules] [--context] [--columns] [--html]
           [--dataonly] [--immediate] [--singleline] [--quiet]
           [--minlevel=X] [--inputs] [--neverignore]
           [--patch=F] [--loadhitlist=F] [--savehitlist=F] [--diffhitlist=F]
           [ source code file or source root directory ]+

- --minlevel=X: report only hits of risk level X or higher (default 1)
- --inputs: report only functions that take input from outside the program
- --context: print the source line of each hit; --columns adds the column number
- --patch=F: report only hits on lines changed by the patch F
- --savehitlist=F / --loadhitlist=F / --diffhitlist=F: store hits, reload them, and show only hits not present in an earlier run
- --neverignore: also report hits marked with an ignore directive
- --html, --dataonly, --singleline, --quiet, --immediate: output format and verbosity

1. Buffer Overflow

strcpy (a, b);
Risk level 4: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).

strncpy (a, b, sizeof(b));
Risk level 1: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers.
Note that this call is itself an instance of the misuse: the bound is taken from the source b instead of the destination a, so if b does not fit, a overflows, and whenever strlen(b) >= sizeof(a) no terminating NUL is written.

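Added example (not from the slides or from flawfinder): the two calls above in runnable form, a bounded copy that is sized by the destination, always NUL-terminates and reports truncation, and a probe showing that strncpy leaves no terminator once the source fills the bound. Function names and the 8-byte/10-byte buffer sizes are chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Risk-level-4 pattern from the slide: no bound at all, dst overflows as
 * soon as strlen(src) >= sizeof(dst). Illustration only, never called. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Returns 1 if strncpy(dst, src, n) leaves dst WITHOUT a terminating NUL,
 * 0 if it terminated, -1 if n exceeds the scratch buffer. strncpy only
 * zero-pads when src is shorter than n; when strlen(src) >= n the result
 * is not a C string and the next strlen/printf runs off the end. */
int strncpy_left_unterminated(size_t n, const char *src)
{
    char dst[64];
    if (n > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);          /* make a missing NUL visible */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) == NULL;
}

/* Hardened form: the bound is the DESTINATION size, dst is always
 * NUL-terminated, and truncation is reported instead of silently losing
 * data. Returns 0 on success, -1 if src was truncated. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);             /* includes the terminator */
    return 0;
}

/* Returns 1 when copying a 10-byte source into an 8-byte destination is
 * reported as truncated and leaves the terminated prefix "0123456". */
int copy_bounded_truncates_correctly(void)
{
    char dst[8];
    int rc = copy_bounded(dst, sizeof dst, "0123456789");
    return rc == -1 && strcmp(dst, "0123456") == 0;
}

int main(void)
{
    /* Even with the bound corrected to sizeof(a) == 8, a 10-byte source
     * leaves strncpy's destination without a NUL. */
    printf("strncpy left no terminator: %d\n",
           strncpy_left_unterminated(8, "0123456789"));
    printf("copy_bounded handled truncation: %d\n",
           copy_bounded_truncates_correctly());
    return 0;
}
```

On platforms that provide strlcpy the hardened function is equivalent to strlcpy followed by a check of its return value against the destination size; the version above is written out so that it builds everywhere.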
2. Uncontrolled format string

printf(a);
Risk level 4: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.

printf("%s", a);
Risk level 0: Same rule, but the format string is a constant, so it is not considered very risky (there is some residual risk, especially in a loop).

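Added example (not from the slides or from flawfinder): the constant-format form from the slide beside a directive counter that can be used to refuse untrusted text before it reaches a printf-family or syslog() call that would treat it as a format. The unsafe printf(msg) call is described in a comment rather than compiled, since it is undefined behaviour and is rejected by -Werror=format-security. Function names are chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Counts printf conversion specifications in s; "%%" is a literal percent
 * and is not counted. A non-zero result on text that is about to become a
 * format string (printf(msg), syslog(prio, msg)) means trouble. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Risk-level-4 pattern from the slide would read
 *     printf(msg);
 * with msg under attacker control: "%x%x%x" reads words off the stack and
 * "%n" writes the number of characters printed so far to an address taken
 * from the stack. Hardened form (the slide's risk-level-0 case): the
 * format is a constant and msg is an argument, so any directives inside
 * it are copied as text. Returns the length the rendered line needed
 * (snprintf semantics). */
int log_safe(char *out, size_t outsize, const char *msg)
{
    return snprintf(out, outsize, "[app] %s", msg);
}

/* Returns 1 when the hostile string "%x%x%n" comes out of log_safe
 * byte-for-byte as data. */
int safe_render_is_literal(void)
{
    char line[64];
    log_safe(line, sizeof line, "%x%x%n");
    return strcmp(line, "[app] %x%x%n") == 0;
}

int main(void)
{
    const char *hostile = "%x%x%n";
    printf("directives an unsafe printf(msg) would act on: %d\n",
           count_conversions(hostile));
    printf("constant format renders it literally: %d\n",
           safe_render_is_literal());
    printf("\"100%% done\" has %d directives\n",
           count_conversions("100%% done"));
    return 0;
}
```

The counter is a second line of defence for APIs whose format argument cannot be made constant by the caller; the primary fix stays the one flawfinder suggests, a literal format with the untrusted text passed as a "%s" argument.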
3. Shell metacharacter dangers

CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
Risk level 3: This causes a new process to execute and is difficult to use safely. Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.

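Added example (not from the slides or from flawfinder, and not Windows code): a small model of the lookup order that CreateProcess documents for an unquoted path given only in lpCommandLine, which makes the attacker's target (a planted C:\Program.exe) visible, beside the quoted form that leaves a single candidate. The model omits the documented step of appending ".exe"; candidate_paths and quoted_command_line are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 8
#define PATH_MAX_LEN 256

/* Model of how CreateProcess resolves the executable when the path is
 * only given inside lpCommandLine: every prefix that ends just before a
 * space is tried as a path, in order, and finally the whole string
 * (simplification: the documented ".exe" appending step is omitted). A
 * command line that starts with a double quote has exactly one candidate,
 * the quoted span. Fills cand[] and returns the number of candidates. */
int candidate_paths(const char *cmdline, char cand[][PATH_MAX_LEN], int max)
{
    int n = 0;
    size_t i, len = strlen(cmdline);

    if (cmdline[0] == '"') {
        const char *endq = strchr(cmdline + 1, '"');
        size_t qlen = endq ? (size_t)(endq - (cmdline + 1)) : len - 1;
        if (qlen >= PATH_MAX_LEN)
            qlen = PATH_MAX_LEN - 1;
        memcpy(cand[0], cmdline + 1, qlen);
        cand[0][qlen] = '\0';
        return 1;
    }
    for (i = 0; i <= len && n < max; i++) {
        if (cmdline[i] != ' ' && cmdline[i] != '\0')
            continue;
        if (i >= PATH_MAX_LEN)
            break;
        memcpy(cand[n], cmdline, i);
        cand[n][i] = '\0';
        n++;
    }
    return n;
}

/* The fix: pass the path as lpApplicationName, or, when the whole command
 * has to travel as one string, quote the path so it is parsed as a single
 * token. Writes "\"path\" args" into out; returns 0, or -1 if it does not
 * fit. */
int quoted_command_line(const char *path, const char *args,
                        char *out, size_t outsize)
{
    int n = snprintf(out, outsize, "\"%s\" %s", path, args);
    return (n < 0 || (size_t)n >= outsize) ? -1 : 0;
}

/* Helpers: number of candidates for a command line, and whether the first
 * candidate (the one an attacker needs to plant) equals expect. */
int candidate_count(const char *cmdline)
{
    char cand[MAX_CANDIDATES][PATH_MAX_LEN];
    return candidate_paths(cmdline, cand, MAX_CANDIDATES);
}

int first_candidate_is(const char *cmdline, const char *expect)
{
    char cand[MAX_CANDIDATES][PATH_MAX_LEN];
    int n = candidate_paths(cmdline, cand, MAX_CANDIDATES);
    return n > 0 && strcmp(cand[0], expect) == 0;
}

int main(void)
{
    const char *unsafe = "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x";
    char cand[MAX_CANDIDATES][PATH_MAX_LEN];
    char safe[PATH_MAX_LEN];
    int i, n = candidate_paths(unsafe, cand, MAX_CANDIDATES);

    printf("lookup order for: %s\n", unsafe);
    for (i = 0; i < n; i++)          /* first entry: C:\Program */
        printf("  %d: %s\n", i + 1, cand[i]);

    quoted_command_line("C:\\Program Files\\GoodGuy\\GoodGuy.exe", "-x",
                        safe, sizeof safe);
    n = candidate_paths(safe, cand, MAX_CANDIDATES);
    printf("quoted form %s has %d candidate: %s\n", safe, n, cand[0]);
    return 0;
}
```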
4. Race conditions

FILE* f = fopen("/etc/passwd", "r");
Risk level 2: Check when opening files - can an attacker redirect it (via symlinks), force the opening of a special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

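Added example (not from the slides or from flawfinder): the fopen() call from the slide beside an opener that refuses symlinks and non-regular files, with the check made on the opened descriptor rather than on the path. POSIX/Linux only; the demo creates its own temporary file and symlink under /tmp and removes them again. Function names are chosen for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risk-level-2 pattern from the slide: whatever the path points to at the
 * moment of the call gets opened, symlink, device file or otherwise. */
FILE *open_naive(const char *path)
{
    return fopen(path, "r");
}

/* Hardened form. O_NOFOLLOW refuses a symlink as the final component
 * (ELOOP), O_CLOEXEC keeps the descriptor from leaking into children,
 * and fstat() on the descriptor that was actually opened confirms it is
 * a regular file. Checking with stat() on the path first would reopen
 * the window between check and use; the check must be on the fd. The
 * ancestors of the path can still be swapped; confine that with a
 * trusted directory fd and openat() in real code. */
FILE *open_regular_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    return fdopen(fd, "r");
}

/* Returns 1 when a device node is refused by the hardened opener. */
int rejects_device_file(void)
{
    FILE *f = open_regular_nofollow("/dev/null");
    if (f)
        fclose(f);
    return f == NULL;
}

/* Demo with files it creates itself: a regular file under /tmp and a
 * symlink pointing at it (both removed again). Returns 1 when fopen()
 * follows the link, the hardened opener refuses it with ELOOP, and the
 * hardened opener still accepts the real file. */
int demo_symlink_rejected(void)
{
    char real[] = "/tmp/ffdemo-XXXXXX";
    char lnk[64];
    int fd, naive_followed, hardened_refused, hardened_accepted;
    FILE *f;

    fd = mkstemp(real);
    if (fd < 0)
        return 0;
    if (write(fd, "secret\n", 7) != 7) {
        close(fd);
        unlink(real);
        return 0;
    }
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", real);
    if (symlink(real, lnk) != 0) {
        unlink(real);
        return 0;
    }

    f = open_naive(lnk);
    naive_followed = (f != NULL);
    if (f)
        fclose(f);

    f = open_regular_nofollow(lnk);
    hardened_refused = (f == NULL && errno == ELOOP);
    if (f)
        fclose(f);

    f = open_regular_nofollow(real);
    hardened_accepted = (f != NULL);
    if (f)
        fclose(f);

    unlink(lnk);
    unlink(real);
    return naive_followed && hardened_refused && hardened_accepted;
}

int main(void)
{
    printf("symlink followed by fopen, refused by hardened open: %d\n",
           demo_symlink_rejected());
    printf("/dev/null refused as non-regular: %d\n", rejects_device_file());
    return 0;
}
```

Flawfinder will still flag the open() inside open_regular_nofollow at level 2; that hit is the place to record why it is acceptable, for instance with a "Flawfinder: ignore" comment on that line.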
Comparison: RATS
- Supports C, C++, Perl, PHP, Python
- Written in C, uses flex & Expat
- Detects buffer overflows, format string problems, shell executions, insecure tmpfiles, race conditions, access violations, weak random, user input
- As output, RATS prints problems sorted by severity, with function name, file and line number, followed by an explanation of the problem

Comparison: PScan
- Supports only C
- Written in C, uses flex
- Detects format string problems in printf-style C functions
- The output consists only of the filename and line number of the potential issue

Comparison: ITS4
- Supports C and C++
- Written in C, needs only a C compiler
- Detects buffer overflows, format string problems, shell executions, TOCTOU, usage of weak random number generation, user input
- The output prints the filename, line number and the name of the flagged function, plus a short description of the issue and suggestions

FlawFinder: Advantages
- Lightweight
- Ignores comments and string literals, and understands FlawFinder directives (a comment containing "Flawfinder: ignore" on the flagged line suppresses that hit)
- Can take a patch (unified diff) as input to report only on changed lines, and can save, load and diff hitlists between runs
- Written in Python, does not require additional tools or dependencies beyond a Python interpreter
- Open source software

Bibliography
- FlawFinder homepage: http://www.dwheeler.com/flawfinder/
- Martin Johns, A Practical Guide to Vulnerability Checkers, Secologic Project: http://www.secologic.org/downloads/testing/060313_secologic_a_prcatical_guide_to_vulnerability_checkers.pdf
