CodeSonar's Visual Tainted Data Analysis
CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.
Other content on this topic
Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors.
What's New in CodeSonar 4.5?
INTRODUCTION: The latest release of CodeSonar, version 4.5, has updates in key areas and innovations that include detecting insider attacks, a new Python API, and compiler model...
Thwarting Insider Attacks with Advanced Static Analysis
INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...
Thwarting Insider Attacks with Advanced Static Analysis
INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...
Using CodeSonar for Software Supply Chain Risk Management
The software supply chain is a growing concern in software development. Security, in particular, of third party software is a risk that needs to be evaluated and managed. Binary code...
Software Supply Chain: Risk and Reward
INTRODUCTION: The recent interest in the so called “software supply chain” highlights the growing importance of using and reusing existing software. Companies realize they need to buy...
The Advantages of Hybrid Source and Binary Static Analysis
INTRODUCTION: GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would...
Reducing the Risk of the Software Supply Chain in Medical Devices
INTRODUCTION: Medical devices rely on third-party and in-house existing software as needed, to meet functionality, cost, and time-to-market concerns. Although software of unknown...
How Vulnerable Are You?
INTRODUCTION: The promise of static analysis is compelling but our most frequently-asked question is, "Where do we start?" Security is a top-of-mind concern, so we are also frequently...
Don’t trust any input! Prevent vulnerabilities from becoming exploits with tainted data analysis
INTRODUCTION: One of the most common attack vectors is user (or other) input into a system. It's very risky to assume that input is well-formed, yet people still do, and it is still a...
GrammaTech Adds Hardening Techniques to Software Assurance Portfolio
Ithaca, NY — GrammaTech, a leading provider of software assurance, hardening, and cyber-security solutions, today announced the development of technologies for advanced software hardening. Most...
Improving Quality and Security with Binary Analysis
INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...
Step Four: Security Assurance for IoT Devices - Assessing third party code
INTRODUCTION:
Performing a Security Audit with CodeSonar
Inspired by a recent demonstration to a CodeSonar customer, I helped put together a 7-minute video on performing security audits with CodeSonar. Yes, I know what you're thinking... "7 minutes is...
7:42Performing a Security Audit with CodeSonar
In this tutorial, we describe how to approach security auditing, using CodeSonar.
The Sony Hack and Securing the Software Supply Chain
The latest attack on Sony Pictures by malicious hackers continues to evolve as an international story line. What we know at present is that the FBI has officially blamed North Korea for the attack...