Software Security
Static analysis tools

Presented by
Emanuela Boroș
“Al. I. Cuza” University, Faculty of Computer Science
Master of Software Engineering, II
1. What is Static Analysis?

2. Static Analysis Advantages

3. Static Analysis Tools for C/C++, Java

4. Samples
What is Static Analysis?

●   performed without actually executing or running that software

●   performed by an automated tool
Static Analysis Advantages

●   improves the quality and reliability of embedded systems software

●   significant reductions in development testing and field failures

●   especially important when a large amount of code is used in development projects
Static Analysis Advantages

●   can detect
    ● buffer overflows,
    ● security vulnerabilities,
    ● memory leaks,
    ● timing anomalies (such as race conditions, deadlocks, and livelocks),
    ● dead or unused source code segments,
    ● and other common programming mistakes
Static Analysis Tools

Software Tool        Domain       Responsible Party                                       Languages    Platforms
CodeSonar            Commercial   Grammatech                                              C, C++       Windows
Coverity             Commercial   Coverity, Inc.                                          C, C++       Windows
CodeSurfer           Commercial   Grammatech                                              C, C++       Windows
FlawFinder           GPL          David A. Wheeler                                        C, C++       UNIX
ITS4                 Commercial   Cigital                                                 C, C++       Linux, Solaris, Windows
Java PathFinder      Academic     NASA Ames                                               Java         Any JVM compatible platform
JLint                Academic     Konstantin Knizhnik, Cyrille Artho                      Java         Any JVM compatible platform
PREfix and PREfast   Commercial   Microsoft                                               C, C++, C#   Windows
RATS                 Academic     Secure Software                                         C, C++       Windows, Unix
Splint               Academic     University of Virginia, Department of Computer Science  C            Windows, Unix, Linux
C/C++
rats-2.3

●   Rough Auditing Tool for Security

●   open source tool

●   C, C++, Perl, PHP and Python source code

●   rough analysis of source code

●   manual inspection of the code is still necessary, but is greatly aided by this tool
rats-2.3

●   error messages controlled by XML reporting filters (requires the XML tool expat to also be installed)

●   configurable level of output

●   alternative vulnerability databases

●   buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions
rats-2.3

●   extremely simple

●   scans through a file (lexically) looking for syntactic matches based on several simple rules that might indicate possible security vulnerabilities

●   “use of strcpy() should be avoided”
rats-2.3

●   uses greedy pattern matching

●   "printf" will match not only "printf()" calls but also "vsnprintf()"

●   the authors of RATS and Flawfinder, by the way, plan to coordinate their development efforts to produce a high quality, open-source development tool
Usage

rats [-d <database>] [-h] [-r] [-w <level>] [-x] [file1 file2 ... filen]

Options explained:

  -d  Specifies a vulnerability database to be loaded. You may have multiple -d options, and each database specified will be loaded.

  -h  Displays a brief usage summary.

  -i  Causes a list of function calls that were used which accept external input to be produced at the end of the vulnerability report.

  -l  Forces the specified language to be used regardless of filename extension. Currently valid language names are "c", "perl", "php" and "python".

  -r  Causes references to vulnerable function calls that are not being used as calls themselves to be reported.

  -w  Sets the warning level. Valid levels are 1, 2 or 3. Warning level 1 includes only default and high severity. Level 2 includes medium severity. Level 2 is the default warning level. Level 3 includes low severity vulnerabilities.

  -x  Causes the default vulnerability databases to not be loaded.
Samples
Issue: fixed size global buffer Severity: High
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They
are prime targets for buffer overflow attacks.

int main(int argc, char *argv[])
{
    char dir[1024];
    char cmd[1200];
    char buff[1024];...


Issue: sprintf Severity: High
Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted
source that could have added formatting characters that the code is not prepared to handle. Additionally, the
format string could contain `%s' without precision that could result in a buffer overflow.

if (getenv("HOME") != NULL) {
    sprintf(dir, "%s", getenv("HOME"));
}...
Samples

Issue: strcpy Severity: High
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled,
resulting in a buffer overflow.

if (argc == 2)
{
     strcpy(dir, argv[1]);
}
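As an added example (not from the slides or from RATS), the flagged strcpy()/sprintf() snippets rewritten with bounded copies so the caller learns about truncation instead of overflowing dir; copy_bounded and resolve_dir are this example's own names.

```c
/* Hardened form of the sample code RATS flagged above. The original did
 * strcpy(dir, argv[1]) and sprintf(dir, "%s", getenv("HOME")) into a
 * fixed char dir[1024] with no length check; here every copy is bounded
 * by the destination size and truncation is reported to the caller. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIR_SIZE 1024   /* same capacity as the slide's char dir[1024] */

/* Copy src into dst (capacity dstsz). Returns 0 on success, -1 if src is
 * NULL or did not fit; dst is always NUL-terminated when dstsz > 0. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    /* snprintf returns the length it wanted to write; n >= dstsz means
     * the copy was cut short, which the original code never noticed. */
    if (n < 0 || (size_t)n >= dstsz)
        return -1;
    return 0;
}

/* Take the directory from the single command-line argument if present,
 * otherwise from HOME, exactly as the two flagged snippets did. */
int resolve_dir(char *dir, size_t dirsz, int argc, char *argv[])
{
    const char *src;
    if (argc == 2)
        src = argv[1];
    else
        src = getenv("HOME");    /* may be NULL; copy_bounded rejects it */
    return copy_bounded(dir, dirsz, src);
}

int main(int argc, char *argv[])
{
    char dir[DIR_SIZE];
    if (resolve_dir(dir, sizeof dir, argc, argv) != 0) {
        fprintf(stderr, "directory missing or longer than %d bytes\n",
                DIR_SIZE - 1);
        return 1;
    }
    printf("using directory: %s\n", dir);
    return 0;
}
```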
Caveats

●   the lack of any preprocessing, so no macros or definitions are expanded
    #define p(x) printf ## x
    char *string1, *string2;
    /* stuff happens ... */
    p((string1));                        /* insecure! */
    p((string2));                        /* insecure! */
    p(("%s", string1));                  /* correct! */

●   produces only one error, at the definition, but none at the uses of the macro

●   insecure calls can be made multiple times, which will go unnoticed by the code scanner
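A toy lexical scanner, added here as illustration and not part of RATS or the presentation, that reproduces on constructed source lines both caveats from the rats-2.3 slides (greedy matching of "printf" also hitting vsnprintf()) and from the Caveats slide (calls hidden behind a macro are seen once at the #define and never at their uses); SAMPLE_SOURCE, match_greedy, match_identifier and count_flagged are this example's own names.

```c
/* Minimal RATS-style scanner: no parsing, no preprocessing, just
 * line-by-line pattern matching for a function name. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input, standing in for a source file. The macro
 * lines mirror the slide's caveat example. */
static const char *SAMPLE_SOURCE[] = {
    "#define p(x) printf ## x",
    "char *string1, *string2;",
    "p((string1));                /* insecure: data used as format */",
    "p((string2));                /* insecure */",
    "p((\"%s\", string1));        /* correct */",
    "vsnprintf(out, sizeof out, fmt, ap);",
    "printf(\"%s\", string2);",
    NULL
};

/* Greedy rule as the slide describes it: any substring occurrence. */
int match_greedy(const char *line, const char *name)
{
    return strstr(line, name) != NULL;
}

/* Identifier-boundary rule: the name must not be part of a longer
 * identifier, so "vsnprintf" no longer matches "printf". */
int match_identifier(const char *line, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = strstr(line, name); p != NULL; p = strstr(p + 1, name)) {
        int left_ok  = (p == line) ||
                       !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
        int right_ok = !(isalnum((unsigned char)p[n]) || p[n] == '_');
        if (left_ok && right_ok)
            return 1;
    }
    return 0;
}

/* Count lines flagged for `name`; greedy selects which rule is applied.
 * Neither rule can see the three p(...) macro uses, because the scanner
 * never expands the macro: that is the "one error at the definition" caveat. */
int count_flagged(const char **lines, const char *name, int greedy)
{
    int hits = 0;
    for (int i = 0; lines[i] != NULL; i++) {
        int hit = greedy ? match_greedy(lines[i], name)
                         : match_identifier(lines[i], name);
        if (hit) {
            printf("flagged: %s\n", lines[i]);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    printf("greedy rule:\n");
    int g = count_flagged(SAMPLE_SOURCE, "printf", 1);      /* 3 lines */
    printf("identifier rule:\n");
    int s = count_flagged(SAMPLE_SOURCE, "printf", 0);      /* 2 lines */
    printf("greedy=%d identifier=%d (macro uses flagged: 0)\n", g, s);
    return 0;
}
```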
Conclusions

●   source code scanners can help improve the state of your code in development or afterwards

●   these tools help assist you in the auditing process; they do not automate it
