Academic Journals Database
Disseminating quality controlled scientific knowledge

STANDARDIZING SOURCE CODE SECURITY AUDITS

Author(s): Suzanna Schmeelk | Bill Mills | Leif Hedstrom

Journal: International Journal of Software Engineering & Applications
ISSN 0976-2221

Volume: 3
Issue: 1
Start page: 1
Date: 2012

Keywords: Cyber Security | Vulnerability Analysis | Source Code Analysis | Apache Traffic Server | C/C++ | CWE

ABSTRACT
A source code security audit is a powerful methodology for locating and removing security vulnerabilities. An audit can be used to (1) pass a potentially prioritized list of vulnerabilities to developers, (2) exploit vulnerabilities, or (3) provide proofs-of-concept for potential vulnerabilities. The security audit research currently remains disjoint, with little discussion of the methodologies used in the field. This paper assembles a broad array of literature to promote standardizing source code security audit techniques. It then explores a case study using the aforementioned techniques. The case study analyzes the security of a stable version of the Apache Traffic Server (ATS). The study takes a white-hat to gray-hat point of view as it reports vulnerabilities located by two popular proprietary tools, examines and connects potential vulnerabilities with a standard community-driven taxonomy (CWE), and describes the consequences of exploiting the vulnerabilities. A review of other security-driven case studies concludes this research.
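The abstract describes the core of the audit workflow: take findings from two independent analysis tools, map each tool's own rule names onto CWE identifiers, and hand developers a prioritized list. The script below is an added illustration of that workflow, not code from the paper or from the Apache Traffic Server project. The tool names ("A" and "B"), their rule vocabularies, the rule-to-CWE mapping, the file paths and every finding are constructed for the example; the only real identifiers are the CWE numbers themselves (CWE-120, CWE-121, CWE-134, CWE-252, CWE-476). The scoring rule (take the highest normalized score at a location and add a bonus when both tools flag the same file and line) is one reasonable heuristic, not the paper's method.

```python
"""Merge findings from two hypothetical static-analysis tools, normalize them
to CWE identifiers, correlate them by source location, and rank them.

Added example; not the paper's code or the Apache Traffic Server project's code.
"""
from collections import defaultdict

# Constructed sample output of hypothetical tool "A": a rule name and a word severity.
# File paths and findings are invented for illustration.
TOOL_A_FINDINGS = [
    {"file": "src/request_parser.cc", "line": 120, "rule": "buffer-overrun", "severity": "high"},
    {"file": "src/logging.cc", "line": 88, "rule": "format-string", "severity": "high"},
    {"file": "src/string_util.cc", "line": 42, "rule": "unchecked-return", "severity": "low"},
]

# Constructed sample output of hypothetical tool "B": a checker name and a 0-10 score.
TOOL_B_FINDINGS = [
    {"file": "src/request_parser.cc", "line": 120, "check": "STACK_OVERFLOW", "score": 9},
    {"file": "src/request_parser.cc", "line": 310, "check": "NULL_DEREF", "score": 5},
    {"file": "src/logging.cc", "line": 88, "check": "FMT_STRING", "score": 8},
]

# Assumed mapping from each tool's vocabulary to CWE ids. The CWE numbers are real
# entries in the taxonomy; the rule names on the left are invented for the example.
CWE_MAP_A = {"buffer-overrun": "CWE-120", "format-string": "CWE-134", "unchecked-return": "CWE-252"}
CWE_MAP_B = {"STACK_OVERFLOW": "CWE-121", "NULL_DEREF": "CWE-476", "FMT_STRING": "CWE-134"}

# Tool A reports words; put them on the same 0-10 scale tool B already uses.
SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 9}

CORROBORATION_BONUS = 2  # added when more than one tool flags the same file:line


def normalize_a(finding):
    """Convert a tool-A record to the common schema: file, line, cwe, score, tool."""
    return {
        "file": finding["file"],
        "line": finding["line"],
        "cwe": CWE_MAP_A.get(finding["rule"], "CWE-unmapped"),
        "score": SEVERITY_WORDS[finding["severity"]],
        "tool": "A",
    }


def normalize_b(finding):
    """Convert a tool-B record to the common schema."""
    return {
        "file": finding["file"],
        "line": finding["line"],
        "cwe": CWE_MAP_B.get(finding["check"], "CWE-unmapped"),
        "score": finding["score"],
        "tool": "B",
    }


def prioritize(findings):
    """Group normalized findings by (file, line) and rank the groups.

    Each group keeps every CWE id and tool that reported it, so a developer sees
    that two tools agree on a location even when they classify it differently
    (e.g. CWE-120 vs. CWE-121 for the same overflow).
    """
    by_location = defaultdict(list)
    for f in findings:
        by_location[(f["file"], f["line"])].append(f)

    ranked = []
    for (path, line), group in by_location.items():
        tools = sorted({g["tool"] for g in group})
        priority = max(g["score"] for g in group)
        if len(tools) > 1:
            priority += CORROBORATION_BONUS
        ranked.append({
            "file": path,
            "line": line,
            "cwes": sorted({g["cwe"] for g in group}),
            "tools": tools,
            "priority": priority,
        })
    # Highest priority first; ties broken by path then line for a stable report.
    ranked.sort(key=lambda r: (-r["priority"], r["file"], r["line"]))
    return ranked


def audit_report():
    """Run the whole pipeline over the constructed sample data."""
    normalized = [normalize_a(f) for f in TOOL_A_FINDINGS] + [normalize_b(f) for f in TOOL_B_FINDINGS]
    return prioritize(normalized)


if __name__ == "__main__":
    for entry in audit_report():
        print(f"{entry['priority']:>2}  {entry['file']}:{entry['line']}  "
              f"{','.join(entry['cwes'])}  tools={''.join(entry['tools'])}")
```

The two locations flagged by both tools land at the top of the list, which is the triage signal a developer-facing report most needs; the single-tool, low-severity unchecked return value drops to the bottom without being discarded, since the audit's proof-of-concept step may still want to look at it.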
