• P-ISSN 0974-6846 E-ISSN 0974-5645

Indian Journal of Science and Technology


Indian Journal of Science and Technology

Year: 2016, Volume: 9, Issue: 20, Pages: 1-4

Original Article

Static Analysis of Security Vulnerabilities in C/C++ Applications


Background/Objectives: With ever increasing number and variety of security threats looming large that continually cause hassles to companies and governments, it is vital to ensure that the software applications are free from such vulnerabilities. The objective is to remove such vulnerabilities in applications coded in C/C++ programming languages conforming to ISO/ IEC standards, through static analysis and make the applications secure. Methods: Collected insecure coding constructs in C/C++ programming languages from authentic sources and created a repository of the same. Built a static analysis tool named “Vulnerability Reporter” to flag insecure coding constructs in the applications. The insecure coding constructs are identified by referring to the repository of vulnerabilities in C/C++ languages, prewritten to the tool. Findings: The tool parses the code and identifies and provides a report containing the vulnerable code in the given application along with their locations. It also provides suggestions for improvement of each potential vulnerability identified by the tool. The tool is scalable. Implementation/Application: The tool developed will find immense use in the academia and industry and will thereby enhance the security of application.

Keywords: Static Analysis, Dynamic Analysis, Proposed Solution


Subscribe now for latest articles and news.