How to Find Security Vulnerabilities in Source Code
The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.
Source code security vulnerabilities will vary between languages and platforms.
Items to look for in C code include:
| Potential vulnerability | Function calls to examine for vulnerabilities |
|---|---|
| Buffer overflows | gets(), scanf(), sprintf(), strcat(), strcpy() |
| Format string vulnerabilities | printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog() |
| Race conditions | access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), tmpnam() |
| Random number acquisition vulnerabilities | rand(), random() |
| Shell metacharacter vulnerabilities | exec(), popen(), system() |
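The checklist above is exactly the kind of pattern that the automated scanners in the next section mechanize: find every call to a suspect function, then look at its arguments. The Python script below is an added example, not code from this page or from any of the tools it lists. It blanks out comments and string literals in a C source file so that text inside them is never mistaken for a call, reports calls to the functions in the table with their line number and category, and, for the format-string family, reports only calls whose format argument is not a string literal (a constant format is the normal safe pattern). The category labels, the `FORMAT_ARG_INDEX` table, the expansion of the page's `exec()` into the POSIX `execl`/`execv` family, and the embedded C sample are my own assumptions and constructed input.

```python
"""Tiny C source scanner built around the function-call checklist.
Added illustration; not code from the page or from Flawfinder, RATS, ITS4
or any other named tool.  Category names and the sample C source are
constructed for this example."""
import re
from typing import NamedTuple, Optional

# Function families from the checklist, keyed by vulnerability class
# (category names are my own labels).  "exec" is assumed to stand for the
# POSIX exec family, so the real member names are listed as well.
CHECKLIST = {
    "buffer overflow": {"gets", "scanf", "sprintf", "strcat", "strcpy"},
    "format string": {"printf", "fprintf", "vprintf", "snprintf", "vsnprintf", "syslog"},
    "race condition": {"access", "chown", "chgrp", "chmod", "mktemp", "tempnam", "tmpfile", "tmpnam"},
    "weak randomness": {"rand", "random"},
    "shell metacharacters": {"exec", "execl", "execle", "execlp", "execv", "execve", "execvp", "popen", "system"},
}
# Position (0-based) of the format argument in each format-string function.
FORMAT_ARG_INDEX = {"printf": 0, "vprintf": 0, "fprintf": 1, "syslog": 1, "snprintf": 2, "vsnprintf": 2}


class Finding(NamedTuple):
    line: int
    function: str
    category: str
    note: str


# An identifier followed by "(" that is not a struct member (p.f( / p->f().
_CALL = re.compile(r"(?<![\w.>])([A-Za-z_]\w*)\s*\(")


def _clean(source: str) -> str:
    """Single pass that blanks comments and collapses string/char literals
    to "S" / 'S'.  Newlines are preserved so line numbers stay correct."""
    out, i, n = [], 0, len(source)
    while i < n:
        c, two = source[i], source[i:i + 2]
        if two == "//":                                   # line comment
            j = source.find("\n", i)
            j = n if j == -1 else j
            out.append(" " * (j - i)); i = j
        elif two == "/*":                                 # block comment
            j = source.find("*/", i + 2)
            j = n if j == -1 else j + 2
            out.append(re.sub(r"[^\n]", " ", source[i:j])); i = j
        elif c in "\"'":                                  # string or char literal
            j = i + 1
            while j < n and source[j] != c:
                j += 2 if source[j] == "\\" else 1        # skip escaped chars
            out.append('"S"' if c == '"' else "'S'"); i = j + 1
        else:
            out.append(c); i += 1
    return "".join(out)


def _args(text: str, start: int) -> Optional[list]:
    """Split the argument list whose "(" is at text[start] on top-level
    commas; None if the call is never closed."""
    depth, args, cur = 0, [], []
    for ch in text[start:]:
        if ch == "(":
            depth += 1
            if depth == 1:
                continue
        elif ch == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return [a for a in args if a]
        if ch == "," and depth == 1:
            args.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
    return None


def scan(source: str) -> list:
    """Return one Finding per suspicious call, in source order."""
    text = _clean(source)
    findings = []
    for m in _CALL.finditer(text):
        name = m.group(1)
        category = next((c for c, fns in CHECKLIST.items() if name in fns), None)
        if category is None:
            continue
        line = text.count("\n", 0, m.start()) + 1
        args = _args(text, m.end() - 1)
        note = "call to listed function; review its arguments"
        idx = FORMAT_ARG_INDEX.get(name)
        if idx is not None and args is not None:
            if idx < len(args) and args[idx].startswith('"'):
                continue                                  # constant format: skip
            note = "format argument is not a string literal"
        findings.append(Finding(line, name, category, note))
    return findings


# Constructed sample input; the comment and string literal contain decoys.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* constructed sample: strcpy("do not flag me") appears only in this comment */
int greet(const char *name, const char *fmt) {
    char buf[64];
    strcpy(buf, name);                     /* unbounded copy */
    strncpy(buf, name, sizeof buf - 1);    /* not in the checklist */
    printf("hello %s\n", buf);             /* constant format: fine */
    printf(fmt);                           /* caller-controlled format */
    fprintf(stderr, "system(\"rm\")");     /* decoy inside a string literal */
    snprintf(buf, sizeof(buf), name);      /* non-literal format */
    return rand() % 6;
}

int run(const char *cmd) { return system(cmd); }
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_C):
        print(f"line {f.line}: {f.function}() [{f.category}] {f.note}")
```

Run as written, the script reports strcpy on line 8, the non-literal printf and snprintf formats on lines 11 and 13, rand on line 14 and system on line 17, while the strcpy in the comment and the system inside the string literal are ignored. That is roughly what a lexical scanner such as Flawfinder or RATS does; what it cannot tell you is whether `name` fits in `buf` or where `cmd` comes from, which is why the page's first recommendation, reading the code, still applies to every hit.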
Automated Source Code Security Vulnerability Scanners
There are intelligent tools available to help you examine large amounts of source code for security vulnerabilities.
| Tool | Description |
|---|---|
| Flawfinder | Examines source code and reports possible security vulnerabilities |
| RATS from Secure Software Solutions | Scans C, C++, Perl, PHP and Python source code for potential security vulnerabilities. |
| ITS4 from Cigital | Scans source code looking for potentially vulnerable function calls and performs source code analysis to determine the level of risk |
| PScan | A limited problem scanner for C source files |
| BOON | Buffer Overrun detectiON |
| MOPS | MOdelchecking Programs for Security properties |
| Cqual | A tool for adding type qualifiers to C |
| MC | Meta-Level Compilation |
| SLAM | Microsoft |
| ESC/Java2 | Extended Static Checking for Java version 2 |
| Splint | Secure Programming Lint |
| MOPED | A Model-Checker for Pushdown Systems |
| JCAVE | JavaCard Applet Verification Environment |
| The Boop Toolkit | Utilizes abstraction and refinement to determine the reachability of program points in a C program |
| Blast | Berkeley Lazy Abstraction Software Verification Tool |
| Uno | Simple tool for source code analysis |
| PMD | Scans Java source code and looks for potential problems |
| C++ Test | Unit testing and static analysis tool |
For more information regarding source code scanners, read Source Code Scanners for Better Code in the Linux Journal.
For more information regarding secure programming, read the Secure Programming for Linux and Unix HOWTO.