Indian Journal of Science and Technology
Year: 2016, Volume: 9, Issue: 44, Pages: 1-4
Subburaj Ramasamy, Anuj Singh* and Deepak Singal
*Author for correspondence
Department of Information Technology, SRM University, Kattankulathur-603203, Tamil Nadu, India
Objectives: A vast amount of application and systems programming is carried out in the C and C++ programming languages. Even in programs written in languages such as Java, C libraries find wide use. Therefore, due to their ubiquitous presence, the security of C and C++ code is of paramount importance.

Methods/Statistical Analysis: A static analysis tool named “TraC++” was developed to detect security vulnerabilities in C and C++ programs. The tool checks a given C/C++ program for the presence of constructs from a predefined and dynamically updated list of insecure coding constructs.

Findings: The tool, developed in C#, was found to capture potential security vulnerabilities and insecure coding constructs in a given C/C++ program. The tool outputs a list of the vulnerable constructs used in the code along with the line numbers on which they appear. Furthermore, the tool provides suggestions as to how the vulnerable constructs can be replaced with better constructs.

Application/Improvement: The tool can find use in static analysis for security violations in programs and libraries developed in the C/C++ programming languages.
Keywords: C/C++, Secure Coding, Security Vulnerabilities, Static Analysis
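
The approach the abstract describes (a list of insecure constructs matched against the source, with line numbers and replacement suggestions reported) is illustrated below. This is an added Python example, not TraC++'s C# code; the rule list, the `scan` function and the sample C program are assumptions constructed for illustration, since the page does not give the tool's own list.

```python
import re

# Assumed rule list (the page does not publish TraC++'s own): construct -> suggestion.
RULES = {
    "gets": "use fgets() with an explicit buffer size",
    "strcpy": "use a length-bounded copy such as snprintf() or strlcpy()",
    "strcat": "use a length-bounded append such as strlcat() or snprintf()",
    "sprintf": "use snprintf() with the destination size",
}
# Comments, string literals and char literals, matched so they can be blanked out.
_NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
# A rule name used as a call: a whole identifier followed by "(".
_CALL = re.compile(r"\b(" + "|".join(map(re.escape, RULES)) + r")\s*\(")

def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))

def scan(source):
    """Return [(line_number, construct, suggestion)] for calls to listed constructs."""
    code = _NOISE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), RULES[m.group(1)]))
    return findings

# Constructed sample input, not taken from the paper.
SAMPLE = '''#include <stdio.h>
/* old code used gets(buf) here */
int main(void) {
    char buf[16], out[32];
    gets(buf);                      // unbounded read
    strcpy(out, buf);
    printf("never call sprintf(x)\\n");
    my_strcpy(out, buf);
    fgets(buf, sizeof buf, stdin);
    return 0;
}
'''

if __name__ == "__main__":
    for line, name, fix in scan(SAMPLE):
        print(f"line {line}: {name}() -> {fix}")
```

Blanking comments and literals before matching keeps mentions of a construct in text from being reported, and the whole-identifier match keeps `fgets` and `my_strcpy` from being flagged as `gets` and `strcpy`.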