SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in

  • Authors: Josh Dehlinger; Qian Feng; Lan Hu
  • Affiliations: Iowa State University; ABC Virtual Communications; Utah State University
  • Venue: eclipse '06 Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange
  • Year: 2006

Abstract

The increasing complexity of secure software applications has given rise to static analysis security tools to alert developers to potential security flaws within source code. However, these static security vulnerability detection tools tend to be difficult to use and are not integrated with common software development environments. The contribution of this work is SSVChecker, an Eclipse plug-in that unifies existing static security vulnerability detection tools into a powerful, intuitive tool. We make three fundamental claims for SSVChecker. First, it contains functionality not found in other static security vulnerability detection tools (e.g., union and intersection of multiple tool results). Second, the tool can adapt to the results of user-performed analysis to prevent repeatedly reporting user-dismissed security vulnerabilities. Lastly, it operates on a user-friendly, generic framework allowing for the inclusion of future static security vulnerability detection tools. To illustrate these claims, we use SSVChecker on a security-sensitive networking package. Results show the benefits of the tool in identifying potential security vulnerabilities.
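The abstract names three capabilities: set operations (union and intersection) over the results of several tools, suppression of findings a user has already dismissed, and a generic result model that new tools can plug into. The following Python is an added illustration of how such a merge layer can be structured; it is not SSVChecker's code, and the tool names (`toolA`, `toolB`), the `Finding` record, the `(file, line, category)` identity and the sample reports are all constructed assumptions.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One normalised result from a static security tool (assumed format)."""
    file: str
    line: int
    category: str   # normalised vulnerability class, e.g. "buffer-overflow"
    tool: str       # which tool reported it

    def key(self) -> tuple:
        # Identity used when comparing tools: where the finding is and what it
        # is. The reporting tool is deliberately left out so that the same flaw
        # found by two tools collapses to a single entry.
        return (self.file, self.line, self.category)


# Constructed sample reports from two hypothetical tools over one package.
TOOL_A = [
    Finding("net/conn.c", 42, "buffer-overflow", "toolA"),
    Finding("net/conn.c", 88, "format-string", "toolA"),
    Finding("net/parse.c", 10, "integer-overflow", "toolA"),
]
TOOL_B = [
    Finding("net/conn.c", 42, "buffer-overflow", "toolB"),
    Finding("net/conn.c", 120, "race-condition", "toolB"),
]
REPORTS = {"toolA": TOOL_A, "toolB": TOOL_B}


def merge(reports: dict[str, list[Finding]]) -> dict[tuple, set[str]]:
    """Map each distinct finding key to the set of tools that reported it."""
    merged: dict[tuple, set[str]] = {}
    for tool, findings in reports.items():
        for f in findings:
            merged.setdefault(f.key(), set()).add(tool)
    return merged


def union_findings(reports: dict[str, list[Finding]]) -> set[tuple]:
    """Everything any tool flagged (maximises recall, more review effort)."""
    return set(merge(reports))


def intersection_findings(reports: dict[str, list[Finding]]) -> set[tuple]:
    """Only findings every tool agrees on (fewer false positives, lower recall)."""
    all_tools = set(reports)
    return {k for k, seen in merge(reports).items() if seen == all_tools}


def ranked(reports: dict[str, list[Finding]]) -> list[tuple[tuple, set[str]]]:
    """Union ordered so that findings confirmed by more tools come first."""
    return sorted(merge(reports).items(), key=lambda kv: (-len(kv[1]), kv[0]))


class DismissalStore:
    """Findings the user has reviewed and dismissed; persisted as JSON so they
    are not reported again on the next run. Keys are (file, line, category);
    note that a line-based key goes stale when the file is edited above the
    finding, so a real store would want a more robust anchor."""

    def __init__(self, keys=()):
        self._keys = {tuple(k) for k in keys}

    def dismiss(self, key: tuple) -> None:
        self._keys.add(tuple(key))

    def filter(self, keys: set[tuple]) -> set[tuple]:
        return {k for k in keys if k not in self._keys}

    def dumps(self) -> str:
        return json.dumps(sorted(list(k) for k in self._keys))

    @classmethod
    def loads(cls, text: str) -> "DismissalStore":
        return cls(json.loads(text))


if __name__ == "__main__":
    store = DismissalStore()
    store.dismiss(("net/conn.c", 88, "format-string"))
    for key, tools in ranked(REPORTS):
        if key in store.filter({key}):
            print(f"{key[0]}:{key[1]} {key[2]} reported by {sorted(tools)}")
```

Adding a new tool only requires an adapter that emits `Finding` records with normalised categories; the set operations and the dismissal store are unaware of which tools exist.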