Performing a Security Audit with CodeSonar
In this tutorial, we describe how to approach security auditing, using CodeSonar.
Other content on this topic
What's New in CodeSonar 4.5?
INTRODUCTION: The latest release of CodeSonar, version 4.5, has updates in key areas and innovations that include detecting insider attacks, a new Python API, and compiler model...
CodeSonar Enters the World of iOS and Objective-C
INTRODUCTION: A new version of GrammaTech CodeSonar is adding Objective-C support to its suite of supported languages. CodeSonar’s advanced static analysis capabilities gives iOS...
The Role of Static Analysis in ISA/IEC 62443 Secure Product Development Lifecycle
INTRODUCTION: The ISA/IEC 62443 standard (formerly ISA 99) is a set of process standards for secure development of products in industrial automation and control. A list of popular...
Reducing Risk and Costs of DO-178B and DO-178C Certification with Static Analysis
INTRODUCTION: DO-178C – “Software Considerations in Airborne Systems and Equipment Certification” – provides production guidelines for software that is to be used in airborne systems,...
Accelerating Automotive Software Safety with MISRA and Static Analysis
INTRODUCTION: The MISRA C/C++ coding guidelines were created based on concerns about the ability to safely use the C and C++ programming languages in critical automotive systems. Since...
The Minefields of MISRA Coverage
INTRODUCTION: Modern static analysis tools are typically used for two main purposes: finding bugs, and finding violations of coding standards. The primary purpose...
Static Analysis, Safety-Critical Railway Software, and EN 50128
INTRODUCTION: Transportation systems and, in particular, railway systems, are growing markets that increasingly rely on software for command, communication, and control. Due to the...
How Static Analysis Can Accelerate Software Safety Certification
INTRODUCTION: Software safety certification is both an old and new reality in the embedded systems world. Developers of devices such as avionics systems have been using strict...
Static Analysis and IEC 62304
INTRODUCTION: The IEC/ISO 62304 standard defines a risk and quality driven software development process for medical device software. The standard emerged from a recognition that...
GrammaTech Announces First Fully Compatible Static-Analysis Tool for MITRE's Common Weakness Enumeration Security Standard
ITHACA, NY — GrammaTech, Inc., a leading provider of source-code analysis tools, declared today that CodeSonar Enterprise is the first static-analysis tool that is compatible with all...