Static code analysis finds avoidable errors
At the Source
Virtue out of Necessity
If you want to get used to a thorough and clean programming style, going with Splint is undoubtedly a good idea – you will be in good company. Developers who also want to investigate every false positive thoroughly will find RATS a helpful companion.
In all cases, what matters is the result: quality assurance is enforced; developers rethink and relearn under the constant, unyielding criticism of the checking tools; and the software that ships carries a low security risk. OpenBSD shows that static code analysis, code reviews, and coding standards can make secure programming a reality, as evidenced by just two remotely exploitable security vulnerabilities in 20 years.
Infos
- Anderson, James P.: "Computer Security Technology Planning Study," Technical Report ESD-TR-73-51, Vol. II, Deputy for Command and Management Systems, HQ Electronic Systems Division (AFSC), Bedford (MA), October 1972: https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/ande72.pdf
- rain.forest.puppy: "NT Web Technology Vulnerabilities," Phrack Magazine, volume 8, issue 54, article 8, December 25, 1998: http://phrack.org/issues/54/8.html#article
- Barr Group: "Embedded C Coding Standard": https://barrgroup.com/Embedded-Systems/Books/Embedded-C-Coding-Standard/Introduction
- Uncrustify: http://uncrustify.sourceforge.net
- JSLint: http://www.jslint.com
- JavaScript tutorials (SELFHTML, German): https://wiki.selfhtml.org/wiki/JavaScript/Tutorials/Einstieg/Einbindung_in_HTML
- JavaScript strings: https://www.w3schools.com/js/js_strings.asp
- CC BY-SA 3.0: https://creativecommons.org/licenses/by-sa/3.0/
- Splint: http://splint.org
- Hoare, C.A.R.: "An axiomatic basis for computer programming," Communications of the ACM, 1969;12(10):576-583: https://web.archive.org/web/20160304013345/http://www.spatial.maine.edu/~worboys/processes/hoare%20axiomatic.pdf
- RATS (Rough Auditing Tool for Security): https://github.com/andrew-d/rough-auditing-tool-for-security
- Coverity Static Application Security Testing (SAST): https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
- Coverity Scan: https://scan.coverity.com