Indian Journal of Science and Technology
Year: 2016, Volume: 9, Issue: 20, Pages: 1-4
R. Subburaj, Pooja U. Raikar* and S. P. Shruthi
Department of IT, SRM University, Kattankulathur - 603203, Tamil Nadu, India
*Author for correspondence: Pooja U. Raikar, Department of IT, SRM University, Kattankulathur - 603203, Tamil Nadu, India
Background/Objectives: With an ever-increasing number and variety of security threats looming large and continually causing hassles to companies and governments, it is vital to ensure that software applications are free from such vulnerabilities. The objective is to remove such vulnerabilities from applications coded in the C/C++ programming languages conforming to ISO/IEC standards, through static analysis, and make the applications secure.
Methods: Collected insecure coding constructs in the C/C++ programming languages from authentic sources and created a repository of them. Built a static analysis tool named “Vulnerability Reporter” to flag insecure coding constructs in applications. The insecure coding constructs are identified by referring to the repository of vulnerabilities in the C/C++ languages, which is prewritten to the tool.
Findings: The tool parses the code, identifies the vulnerable code in the given application, and provides a report containing that code along with its locations. It also provides suggestions for improvement for each potential vulnerability it identifies. The tool is scalable.
Implementation/Application: The tool developed will find immense use in academia and industry and will thereby enhance the security of applications.
Keywords: Static Analysis, Dynamic Analysis, Proposed Solution
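The approach the abstract describes (a scanner that consults a repository of insecure constructs and reports each hit with its location and a suggestion) can be sketched as follows. This is an added example, not the authors' Vulnerability Reporter; the three rules, the function names and the sample C source are assumptions made for illustration.

```python
import re

# Assumed rule repository (illustrative, not the paper's list): name -> (reason, suggestion)
RULES = {
    "gets":    ("reads input with no length limit", "use fgets() with the buffer size"),
    "strcpy":  ("copies with no length limit", "check the length or use a bounded copy"),
    "sprintf": ("formats with no length limit", "use snprintf() with the buffer size"),
}
CALL = re.compile(r"\b(" + "|".join(RULES) + r")\s*\(")

def strip_noise(src):
    """Blank out comments and literal bodies, keeping every line and column in place."""
    out, i, state = [], 0, None  # state: None, "//", "/*", or the opening quote character
    while i < len(src):
        c, two = src[i], src[i:i + 2]
        if state is None and two in ("//", "/*"):
            state, c, i = two, "  ", i + 1
        elif state is None and c in "\"'":
            state = c
        elif state == "//" and c == "\n":
            state = None
        elif state == "/*" and two == "*/":
            state, c, i = None, "  ", i + 1
        elif state in ('"', "'") and c == "\\":
            c, i = (" \n" if two == "\\\n" else "  "), i + 1  # skip the escaped character
        elif state in ('"', "'") and c == state:
            state = None
        elif state is not None and c != "\n":
            c = " "
        out.append(c)
        i += 1
    return "".join(out)

def scan(src, filename="<input>"):
    """Return (file, line, column, construct, reason, suggestion) per flagged call."""
    return [(filename, n, m.start() + 1, m.group(1), *RULES[m.group(1)])
            for n, line in enumerate(strip_noise(src).splitlines(), 1)
            for m in CALL.finditer(line)]

# Constructed sample input: only lines 4 and 5 contain real calls to flagged constructs.
SAMPLE = r'''/* legacy: gets(line) was used here */
void greet(char *dst, const char *arg) {
    char name[16];
    strcpy(name, arg);  // strcpy( in a comment is ignored
    sprintf (dst, "hello %s, not gets(", name);
}
'''
if __name__ == "__main__":
    print("\n".join("%s:%d:%d: %s(): %s; %s" % f for f in scan(SAMPLE, "demo.c")))
```

Blanking comments and string literals before matching is what keeps the report limited to real call sites; a plain text search over the same file would also flag lines 1 and the tail of lines 4 and 5.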