A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C++ Code

2017 ◽  
Author(s):  
Andrei Arusoaie ◽  
Stefan Ciobaca ◽  
Vlad Craciun ◽  
Dragos Gavrilut ◽  
Dorel Lucanu
Keyword(s):  
Open Source ◽  
Static Analysis ◽  
Vulnerability Detection ◽  
Analysis Tools

scholarly journals Evaluation of SQL Injection Vulnerability Detection Tools

2019 ◽  
Vol 9 (1) ◽  
pp. 1747-1751
Keyword(s):  
Static Analysis ◽  
Web Applications ◽  
Source Code ◽  
False Negative ◽  
Vulnerability Detection ◽  
Sql Injection ◽  
User Input ◽  
Root Cause ◽  
Analysis Tools ◽  
Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

An evaluation of free/open source static analysis tools applied to embedded software

2010 ◽  
Author(s):  
Lucas Torri ◽  
Guilherme Fachini ◽  
Leonardo Steinfeld ◽  
Vesmar Camara ◽  
Luigi Carro ◽  
...  
Keyword(s):  
Open Source ◽  
Static Analysis ◽  
Embedded Software ◽  
Analysis Tools ◽  
Free Open Source

scholarly journals Detecting security vulnerabilities with static analysis – A case study

2021 ◽  
Keyword(s):  
Open Source ◽  
Static Analysis ◽  
Source Code ◽  
Performance Comparison ◽  
Test Suite ◽  
Study Analysis ◽  
Security Vulnerabilities ◽  
Analysis Tools ◽  
A Performance

Abstract Many security vulnerabilities can be detected by static analysis. This paper is a case study and a performance comparison of four open-source static analysis tools and plugins (PMD, SpotBugs, Find Security Bugs, and SonarQube) on Java source code. Experiments have been conducted on the widely used Juliet Test Suite with respect to six selected weaknesses from the official Top 25 list of Common Weakness Enumeration. In this study, analysis metrics have been calculated for helping Java developers decide which tools can be used when checking their programs for security vulnerabilities. It turned out that particular weaknesses are best detected with particular tools.

scholarly journals Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Cyber Security ◽  
Malware Analysis ◽  
Analysis Tools ◽  
Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Sign in / Sign up

Export Citation Format

Share Document