Page 60 - Cyber Warnings
Figure 2: A top-down view of the call graph of a program showing modules according to the
physical layout of code in files and directories. The red coloration shows the modules with the
most tainted data sources, and the blue “glow” shows modules with tainted data sinks.
Conclusion:
Assuming that system inputs are well-formed and reasonable is dangerous and, when paired with
vulnerable code, can lead to system crashes, data exposure, and code injection/execution.
The automated tainted dataflow analysis and guidance that CodeSonar provides are essential to
discovering these serious vulnerabilities and fixing them efficiently.
About The Author
Bill Graham is a seasoned embedded software development
manager with years of development, technical product marketing
and product management experience.
Bill can be reached online at @Bill_Graham and at
http://iot.williamgraham.ca.
60 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide