Software Security Analysis: Managing source code audit
Independent thesis Advanced level (degree of Master (One Year))Student thesis
Software users have become more conscious of security. More people have access to Internet and huge databases of security exploits. To make secure products, software developers must acknowledge this threat and take action. A first step is to perform a software security analysis. The software security analysis was performed using automatic auditing tools. An experimental environment was constructed to check if the findings were exploitable or not. Open source projects were used as reference to learn what patterns to search for. The results of the investigation show the differences in the automatic auditing tools used. Common types of security threats found in the product have been presented. Four different types of software security exploits have also been presented. The discussion presents the effectiveness of the automatic tools for auditing software. A comparison between the security in the examined product and the open source project Apache is presented. Furthermore, the incorporation of the software security analysis into the development process, and the results and cost of the security analysis is discussed. Finally some conclusions were drawn.
Place, publisher, year, edition, pages
2004. , 20 p.
Software security, audit, exploit, closed source, open source, buffer overflow
Computer Science Software Engineering
IdentifiersURN: urn:nbn:se:bth-3615Local ID: oai:bth.se:arkivex592D8C21BD19DCD5C1256EC3002AC5ACOAI: oai:DiVA.org:bth-3615DiVA: diva2:830925
Carlsson, BengtBengtsson, Perolof