 

How does Fortify software work? [closed]

Tags:

fortify

Fortify is an SCA used to find the security vulnerabilities in software code. I was just curious about how this software works internally. I know that you need to configure a set of rules against which the code will be run, but how exactly is it able to find the vulnerabilities in code?

Does anyone have any thoughts about this?

Thanks in advance.

Asked by Newbie on Oct 24 '12 15:10


People also ask

How does Fortify software work?

Fortify Static Code Analyzer (SCA) uses multiple algorithms and an expansive knowledge base of secure coding rules to analyze an application's source code for exploitable vulnerabilities. This technique analyzes every feasible path that execution and data can follow to identify and remediate vulnerabilities.

Is Fortify open source?

The benefits of Open Source security with Fortify and Sonatype: Provide code once for both SAST and software composition analysis. Supports Java, .NET, JavaScript and Python.

What are the different phases in a Fortify scan?

Fortify SCA comprises five distinct analyzers: data flow, control flow, semantic, structural, and configuration.


1 Answer

HP Fortify SCA has 6 analyzers: data flow, control flow, semantic, structural, configuration, and buffer. Each analyzer finds different types of vulnerabilities.

Data Flow

This analyzer detects potential vulnerabilities that involve tainted data (user-controlled input) put to potentially dangerous use. The data flow analyzer uses global, inter-procedural taint propagation analysis to detect the flow of data between a source (site of user input) and a sink (dangerous function call or operation). For example, the data flow analyzer detects whether a user-controlled input string of unbounded length is being copied into a statically sized buffer, and detects whether a user-controlled string is being used to construct SQL query text.

Control Flow

This analyzer detects potentially dangerous sequences of operations. By analyzing control flow paths in a program, the control flow analyzer determines whether a set of operations are executed in a certain order. For example, the control flow analyzer detects time-of-check/time-of-use issues and uninitialized variables, and checks whether utilities, such as XML readers, are configured properly before being used.

Structural

This detects potentially dangerous flaws in the structure or definition of the program. For example, the structural analyzer detects assignment to member variables in Java servlets, identifies the use of loggers that are not declared static final, and flags instances of dead code that will never be executed because of a predicate that is always false.

Semantic

This analyzer detects potentially dangerous uses of functions and APIs at the intra-procedural level. Basically a smart GREP.

Configuration

This analyzer searches for mistakes, weaknesses, and policy violations in an application's deployment configuration files.

Buffer

This analyzer detects buffer overflow vulnerabilities that involve writing or reading more data than a buffer can hold.

Answered by LaJmOn on Oct 05 '22 10:10
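To make the data flow analyzer's "source to sink" idea concrete, here is an added example (not Fortify's code, and not from the answer above) of a toy inter-procedural taint analysis over Python source. The rule set is assumed: user input enters through `input()` or `request.args.get`, must not reach `cursor.execute` or `os.system`, and `int()` or `shlex.quote()` cleanses it. The sample program it scans is constructed for the demonstration. Like the analyzer described in the answer, it computes a per-function summary of how parameters propagate, so a tainted value passed into a helper that builds SQL is reported at the call site even though the sink lives in another function; branches are merged as a may-analysis, so a value cleared on one path only stays tainted.

```python
"""Toy source-to-sink taint analysis over Python source (added example, not Fortify code).
The rules below stand in for a rulepack and are assumptions for the demonstration."""
import ast

SOURCES = {"input", "request.args.get"}      # where user-controlled data enters
SINKS = {"cursor.execute", "os.system"}      # operations tainted data must not reach
SANITIZERS = {"int", "shlex.quote"}          # calls whose result is considered clean


def dotted_name(node):
    """Render a call target such as cursor.execute as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintAnalyzer:
    """Inter-procedural may-analysis: a variable tainted on any path stays tainted."""

    def __init__(self, source_code):
        tree = ast.parse(source_code)
        self.functions = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
        self.summaries = {}  # name -> (returns taint on its own, params reaching return, {param: sink})

    def summary_of(self, name):
        """Lazily compute how function `name` propagates taint (the inter-procedural step)."""
        if name not in self.summaries:
            self.summaries[name] = (False, set(), {})      # provisional entry stops recursion
            fn = self.functions[name]
            base_hits = []
            base_ret = self.analyze_block(fn.body, set(), name, base_hits)
            to_return, to_sink = set(), {}
            for i, param in enumerate(fn.args.args):
                hits = []
                if self.analyze_block(fn.body, {param.arg}, name, hits):
                    to_return.add(i)
                new_hits = [h for h in hits if h not in base_hits]  # sink hits caused by this param
                if new_hits:
                    to_sink[i] = new_hits[0][1]
            self.summaries[name] = (base_ret, to_return, to_sink)
        return self.summaries[name]

    def is_tainted(self, node, tainted, fn_name, findings):
        """True if expression `node` may carry user-controlled data; records sink hits."""
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.Constant):
            return False
        if isinstance(node, ast.Call):
            callee = dotted_name(node.func)
            args_tainted = [self.is_tainted(a, tainted, fn_name, findings) for a in node.args]
            if callee in SOURCES:
                return True
            if callee in SANITIZERS:
                return False
            if callee in SINKS:
                if any(args_tainted):
                    findings.append((fn_name, callee, node.lineno))
                return False
            if callee in self.functions:
                base_ret, to_return, to_sink = self.summary_of(callee)
                for i, t in enumerate(args_tainted):
                    if t and i in to_sink:          # tainted argument reaches a sink in the callee
                        findings.append((fn_name, to_sink[i], node.lineno))
                return base_ret or any(args_tainted[i] for i in to_return if i < len(args_tainted))
            # Unknown callee (library method): assume taint passes through receiver and arguments.
            receiver = isinstance(node.func, ast.Attribute) and \
                self.is_tainted(node.func.value, tainted, fn_name, findings)
            return receiver or any(args_tainted)
        return any(self.is_tainted(c, tainted, fn_name, findings) for c in ast.iter_child_nodes(node))

    def analyze_block(self, stmts, tainted, fn_name, findings):
        """Walk statements in order tracking tainted locals; return whether a return may be tainted."""
        returns_tainted = False
        for stmt in stmts:
            if isinstance(stmt, ast.FunctionDef):
                continue                                    # nested defs get their own summary
            for field in ("body", "orelse", "finalbody"):    # branches: analyze a copy, then merge
                sub = getattr(stmt, field, None)
                if isinstance(sub, list):
                    branch = set(tainted)
                    returns_tainted |= self.analyze_block(sub, branch, fn_name, findings)
                    tainted |= branch
            if isinstance(stmt, ast.Assign):
                t = self.is_tainted(stmt.value, tainted, fn_name, findings)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        (tainted.add if t else tainted.discard)(target.id)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_tainted |= self.is_tainted(stmt.value, tainted, fn_name, findings)
            elif isinstance(stmt, ast.Expr):
                self.is_tainted(stmt.value, tainted, fn_name, findings)   # records sink hits
        return returns_tainted

    def run(self):
        """Treat every function as a possible entry point; return (function, sink, line) findings."""
        findings = []
        for name, fn in self.functions.items():
            self.analyze_block(fn.body, set(), name, findings)
        return sorted(set(findings))


def scan(source_code):
    return TaintAnalyzer(source_code).run()


# Constructed sample program for the demonstration (not real application code).
SAMPLE = '''
def lookup(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")

def clean_lookup(cursor, uid):
    cursor.execute("SELECT * FROM users WHERE id = %s", (int(uid),))

def handler(request, cursor):
    name = request.args.get("name")
    lookup(cursor, name)
    uid = request.args.get("id")
    clean_lookup(cursor, uid)
    cmd = "ls " + name
    if request.args.get("verbose"):
        cmd = "ls -l"
    os.system(cmd)
    return cmd
'''

if __name__ == "__main__":
    for fn, sink, line in scan(SAMPLE):
        print(f"{fn}: tainted data reaches {sink} at line {line}")
```

Running it reports two flows in `handler`: the `lookup(cursor, name)` call at line 10, found through the callee's summary, and `os.system(cmd)` at line 16, which survives because `cmd` is only cleared on the `verbose` branch. The `clean_lookup` call is silent because `int()` is a registered sanitizer. A real analyzer adds many refinements this toy omits (path sensitivity, aliasing through containers and object fields, loop handling), but the mechanism of rules naming sources, sinks and sanitizers plus propagation across function boundaries is the same.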