
Simple Source Auditing Tools

Explore two powerful source code auditing tools - Flawfinder and RATS - for identifying vulnerabilities in C, C++, Perl, PHP, and Python programming languages. These tools help developers detect potential security flaws, such as input validation problems, and ensure the overall security of their software.

nevina

Presentation Transcript


  1. Simple Source Auditing Tools Roy INSA

  2. Outline • FLAWFINDER • RATS

  3. Environment • Operating System: Linux • Required Computers: One Computer

  4. Environment • CERT® Advisory CA-2000-13: Two Input Validation Problems in FTPD • Systems Affected: Any system running wu-ftpd 2.6.0 or earlier • “ftp daemon may be tricked into executing arbitrary code as root” • http://wu-ftpd.theomnistore.com/wu-ftpd-attic/wu-ftpd-2.6.0.tar.gz

  5. Flawfinder • Checks C and C++ programs for vulnerabilities • http://www.dwheeler.com/flawfinder/ • Scale: 1 (Low) to 5 (High)

  6. RATS • Languages: C, C++, Perl, PHP, Python • http://www.securesw.com/rats/rats-2.1.tar.gz • Install expat (XML parser library): http://expat.sourceforge.net/ • Compile rats

  7. Summary • Timing • Lazy • Convenient • Programmer
