Tainted Data Analysis in CodeSonar
What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application? These questions are answered, and more.
INTRODUCTION: An uninitialized variable has an undefined value, often corresponding to the data that was already in the particular memory location that the variable is using. This can...
INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...
INTRODUCTION: Agile, Scrum and DevOps are hot topics in software development but are teams really achieving the goals of these new approaches? Management isn’t convinced, a recent...
INTRODUCTION: The ISA/IEC 62443 standard (formerly ISA 99) is a set of process standards for secure development of products in industrial automation and control. A list of popular...
Since C++11, WG21 (the ISO designation for the C++ Standards Committee) has been focusing on shipping a new standard every three years. The standard is comprised of two primary parts:...
The software supply chain is a growing concern in software development. Security, in particular, of third party software is a risk that needs to be evaluated and managed. Binary code...
INTRODUCTION: Static analysis tools ship with a default set of error checkers that cover the most common and important types of errors. However, projects often benefit from specific...
INTRODUCTION: The recent interest in the so called “software supply chain” highlights the growing importance of using and reusing existing software. Companies realize they need to buy...
INTRODUCTION: Code reviews (or inspections) are an effective way to reduce defects in software projects. In fact, defect removal rate can be as high as 75%, meaning two thirds of all...
INTRODUCTION: The most effective tool is one that reports a good number of true positives, without too many false negatives, without consuming too much compute...
INTRODUCTION: Advanced static analysis tools are popular because they have proven effective at finding serious programming defects. In contrast to traditional dynamic testing, the...
I sometimes describe our main commercial product, CodeSonar, as a “defect detection tool.” While this is a convenient shorthand, it ignores a lot of what CodeSonar attempts to...
Taint checking? This isn't a trap, I promise. It sounds vulgar, but its etymology is perfectly reasonable, stemming from the notion that data that has been "tainted" by a...
INTRODUCTION: GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would...
I'm pleased to inform the masses of our new integration plugin designed to work with CodeSonar and Atlassian JIRA Server software. This plugin will allow companies to seamlessly add the...