Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tools for Code Review Static Analysis Handles unfinished code

Published byKellie West Modified over 6 years ago

Similar presentations

Presentation on theme: "Tools for Code Review Static Analysis Handles unfinished code"— Presentation transcript:

1 Tools for Code Review Static Analysis Handles unfinished code
Can find backdoors Potentially complete Dynamic Analysis Run code Code not needed Has few(er) assumptions Covers end-to-end or system tests

2 Static Analysis tools Open Source Static Analysis tools
Cppcheck, Rough Auditing Tool for Security (RATS), Flawfinder, Evaluate, based on Efficiency Correctness Speed Understandability of the results

3 Results and Major Contributions
Outcome of students’ evaluation: Flawfinder is most Efficient Cppcheck is most Accurate of all RATS is Fastest and its Results understandability is good

4 Sample Vulnerabilities
SAMATE Reference Dataset (SRD) Search for common vulnerabilities Experiment with tools

Download ppt "Tools for Code Review Static Analysis Handles unfinished code"

Similar presentations

Tutorial 7 Exercises CH12 and CH17.

Tutorial 7 Exercises CH12 and CH17.
UPE Drives theme Giovanni Lo Calzo Gaurang Vakil University of Nottingham PEMC Group WP2: Converter Topologies for High Speed Drives Drives Topologies.

UPE Drives theme Giovanni Lo Calzo Gaurang Vakil University of Nottingham PEMC Group WP2: Converter Topologies for High Speed Drives Drives Topologies.
Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology

Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology
An Interactive-Voting Based Map Matching Algorithm

An Interactive-Voting Based Map Matching Algorithm
Kai H. Chang COMP 6710 Course NotesSlide ES- 1 Auburn University Computer Science and Software Engineering Course Notes : Examining the Specification Computer.

Kai H. Chang COMP 6710 Course NotesSlide ES- 1 Auburn University Computer Science and Software Engineering Course Notes : Examining the Specification Computer.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
How many possums and where? The National Possum Model James Shepherd & Mandy Barron.

How many possums and where? The National Possum Model James Shepherd & Mandy Barron.
Improving Static Analysis Results Accuracy Chris Wysopal CTO & Co-founder, Veracode SATE Summit October 1, 2010.

Improving Static Analysis Results Accuracy Chris Wysopal CTO & Co-founder, Veracode SATE Summit October 1, 2010.
Critical Analysis Presentation: T-Drive: Driving Directions based on Taxi Trajectories Authors of Paper: Jing Yuan, Yu Zheng, Chengyang Zhang, Weilei Xie,

Critical Analysis Presentation: T-Drive: Driving Directions based on Taxi Trajectories Authors of Paper: Jing Yuan, Yu Zheng, Chengyang Zhang, Weilei Xie,
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Simple Source Auditing Tools Roy INSA. Outline FLAWFINDER RATS.

Simple Source Auditing Tools Roy INSA. Outline FLAWFINDER RATS.
Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al.

Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al.
TGDC Meeting, July 2011 Voting System Software Assurance: SAMATE Automated Source Code Conformance Verification Study Michael Kass Computer Scientist,

TGDC Meeting, July 2011 Voting System Software Assurance: SAMATE Automated Source Code Conformance Verification Study Michael Kass Computer Scientist,
Evaluating Static Analysis Tools Dr. Paul E. Black

Evaluating Static Analysis Tools Dr. Paul E. Black
This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.

This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.
Expediting Programmer AWAREness of Anomalous Code Sarah E. Smith Laurie Williams Jun Xu November 11, 2005.

Expediting Programmer AWAREness of Anomalous Code Sarah E. Smith Laurie Williams Jun Xu November 11, 2005.
Static Analysis for Security Amir Bazine Per Rehnberg.

Static Analysis for Security Amir Bazine Per Rehnberg.
Problem Solving Methodology

Problem Solving Methodology
Presented by Heorot.net.  Understand abilities and limitations of code reviews  Identify potentially “bad” code  Identify and use code review tools.

Presented by Heorot.net.  Understand abilities and limitations of code reviews  Identify potentially “bad” code  Identify and use code review tools.
Where Quality Talk is #1. QAP = Quality Assurance Program Transaction entry and approval moved from Business Affairs to Business Centers – Created a need.

Where Quality Talk is #1. QAP = Quality Assurance Program Transaction entry and approval moved from Business Affairs to Business Centers – Created a need.

Similar presentations

Ads by Google