Page 59 - Cyber Warnings
P. 59
A checker that detects a buffer overflow is augmented with analysis of data sources to see if
there is a connection to system inputs.
Discovering this connection means this overflow is not just a serious error, but a
potential security vulnerability too. An example of such a report from CodeSonar is below,
showing how it indicates sources of tainted data:
Figure 1: A buffer overrun warning where the underlining shows the effect of tainted data.
Software applications are complex and the data and control flow is equally complex and hard to
analyze without visualization tools.
Tracing tainted data sources to sinks is an import security audit technique that greatly reduces
the risk of vulnerabilities.
GrammaTech CodeSonar provides complete call and data graph analysis and highlights tainted
data source and sinks as illustrated below:
59 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
