Static Analysis Tools for Security: A Comparative Evaluation
Authors
Abstract
Static analysis tools check software for potential vulnerabilities, so their use improves software security. They prevent a wide range of difficulties that one would otherwise face at a later stage if flaws are not detected early in the Software Development Life Cycle. A number of static analysis tools are available nowadays, both commercial and open source, and users need a comparative analysis of them in order to choose according to their requirements. This paper compares three open source tools used for static security analysis: Cppcheck, RATS and Flawfinder. The comparative evaluation is done on different parameters, analysed by running the tools on demo codes with intentionally introduced
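The kind of demo code such an evaluation runs the three tools against, as an added example written for this page and not taken from the paper or from any of the tools' own test suites: one C translation unit with intentionally introduced flaws, each beside a hardened counterpart. The function names and the constants are invented here, and the comments record which detection mechanism each flaw exercises (a by-name match on a risky library call, as Flawfinder and RATS do, versus tracking of values and bounds, as Cppcheck does).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed buffer size for the demo */
#define TABLE_LEN 4   /* assumed array length for the demo */

/* Flaw 1: unbounded string copy into a fixed-size stack buffer.
 * Flawfinder and RATS flag strcpy() by name, whatever the arguments are. */
void greet_unsafe(const char *name)
{
    char buf[NAME_LEN];
    strcpy(buf, name);                /* overflows when strlen(name) >= NAME_LEN */
    printf("hello %s\n", buf);
}

/* Hardened form: the caller supplies the destination and its size, and an
 * overlong name is rejected instead of being silently truncated.
 * Returns 0 on success, -1 on bad arguments or an overlong name. */
int greet_safe(const char *name, char *out, size_t out_len)
{
    if (name == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = strlen(name);
    if (n >= out_len)                 /* leave room for the terminator */
        return -1;
    memcpy(out, name, n + 1);
    return 0;
}

/* Flaw 2: off-by-one write past the end of a local array. No risky library
 * call is involved, so a by-name scanner has nothing to match on; finding it
 * requires comparing the loop bound with the array size, the kind of check
 * Cppcheck reports as arrayIndexOutOfBounds. */
void fill_unsafe(void)
{
    int table[TABLE_LEN];
    for (int i = 0; i <= TABLE_LEN; i++)  /* last iteration writes table[4] */
        table[i] = i;
    printf("%d\n", table[0]);
}

/* Hardened form: the bound is the array length passed by the caller.
 * Returns the number of slots written, or -1 on a NULL table. */
int fill_safe(int *table, size_t count)
{
    if (table == NULL)
        return -1;
    for (size_t i = 0; i < count; i++)
        table[i] = (int)i;
    return (int)count;
}

/* Flaw 3: caller-controlled format string. All three tools look for printf()
 * called with a non-literal format. */
void log_unsafe(const char *msg)
{
    printf(msg);                      /* "%x" or "%n" inside msg is interpreted */
}

void log_safe(const char *msg)
{
    printf("%s", msg);                /* msg is data, never a format */
}

/* Exercises the hardened functions; returns 1 when all behave as documented. */
int self_check(void)
{
    char out[NAME_LEN];
    int table[TABLE_LEN];
    const char *too_long = "0123456789abcdef";   /* 16 chars: needs 17 bytes */

    if (greet_safe("world", out, sizeof out) != 0) return 0;
    if (strcmp(out, "world") != 0) return 0;
    if (greet_safe(too_long, out, sizeof out) != -1) return 0;
    if (fill_safe(table, TABLE_LEN) != TABLE_LEN) return 0;
    if (table[TABLE_LEN - 1] != TABLE_LEN - 1) return 0;
    return 1;
}

int main(int argc, char **argv)
{
    char out[NAME_LEN];
    const char *name = argc > 1 ? argv[1] : "world";

    if (greet_safe(name, out, sizeof out) == 0)
        printf("hello %s\n", out);
    else
        fprintf(stderr, "name rejected: longer than %d bytes\n", NAME_LEN - 1);
    log_safe(name);
    printf("\nself_check = %d\n", self_check());
    return self_check() ? 0 : 1;
}
```

The usual invocations are `flawfinder demo.c`, `rats demo.c` and `cppcheck --enable=all demo.c`. The point of building the demo this way is that the three flaws are visible to different mechanisms: the by-name scanners report flaw 1 and flaw 3 but have nothing to match in flaw 2, while a value-tracking analyser reports flaw 2 and may stay quiet on flaw 1 when it cannot see the length of `name`. A parameter-by-parameter comparison of the tools is essentially a count of which of these classes each one reports, and with how many false positives on the hardened counterparts.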
Similar sources
On the capability of static code analysis to detect security vulnerabilities
Context: Static analysis of source code is a scalable method for discovering software faults and security vulnerabilities. Techniques for static code analysis have matured in the last decade and many tools have been developed to support automatic detection. Objective: This research work is focused on the empirical evaluation of the ability of static code analysis tools to detect security vulnerabi...
Static Security Constrained Generation Scheduling Using Sensitivity Characteristics of Neural Network
This paper proposes a novel approach for generation scheduling using the sensitivity characteristic of a Security Analyzer Neural Network (SANN) for improving the static security of a power system. In this paper, the potential overloading at the post-contingency steady state associated with each line outage is proposed as a security index which is used for evaluation and enhancement of system static security....
A Comparative Analysis of Tools for Verification of Security Protocols
The area of formal verification of protocols has gained substantial importance in the recent years. The research results and subsequent applications have amply demonstrated that the formal verification tools have indeed helped correct the protocols even after being standardized. However, the standard protocol verification tools and techniques do not verify the security properties of a cryptogra...
The Need for Fourth Generation Static Analysis Tools for Security – From Bugs to Flaws
This paper discusses some of the limitations of the current (third) generation static code analyzers for security available on the market today and gives reasons for the plateau in their usefulness to a code reviewer. We further describe some of the characteristics of the next generation static analysis technology that will enable a new quantum leap in the space of static analysis with tools th...
SAMATE and Evaluating Static Analysis Tools
We give some background on the Software Assurance Metrics And Tool Evaluation (SAMATE) project and our decision to work on static source code security analyzers. We give our experience bringing government, vendors, and users together to develop a specification and tests to evaluate such analyzers. We also present preliminary results of our study on whether such tools reduce vulnerabilities in p...