Analysis of the effects of software coding errors on cybersecurity

Detailed bibliography
Title: Analysis of the effects of software coding errors on cybersecurity
Authors: Hussain, Muddasar
Publication year: 2020
Collection: Universitet i Oslo: Digitale utgivelser ved UiO (DUO)
Subjects: Psalm, software, LDRA, information exposure, Eclipse, Lint, heap based buffer overflow, Cppcheck, Squale, Astrée, JArchitect, Jtest, Flawfinder, Infer, PHPStan, SonarQube, access control, Find Security Bugs, sql injection, ThreadSafe[24], Coccinelle, Cppdepend, race condition, cpplint, static analysis, cross site scripting and server side request forgery, SensioLabs, SemmleCode, CLion, cybersecurity
Description: This thesis analyses the effects of software coding errors on cybersecurity by using static code analysis tools. Software coding errors can have different types of effects on cybersecurity. The research is done from a programming language perspective; the main focus was on the security in the programming languages. Developers use different programming languages for different tasks, and some programming languages are more secure to use than others. One of the tools developers can use for the security in their code is static code analysis tool(s). C/C++ is a very old programming language and has many insecure methods, but by using analysis tools the programming language may be as safe as the safest programming language. Three programming languages are selected for the analysis: C/C++, PHP and Java. Three static code analysis tools are used, one for each programming language: Flawfinder for C/C++, WAP (Web Application Protection) for PHP and SpotBugs for Java. Security vulnerabilities will be implemented into the software before analysing the source code. The security vulnerabilities which will be implemented into real software are: stack based buffer overflow, heap based buffer overflow, format string, integer overflow, use after free, command injection, race condition, access control, information exposure, sql injection, cross site scripting and server side request forgery. In this work a large number of static analysis tools are collected, together with information and knowledge about how the vulnerabilities are exploited and how to protect the system. I believe that my approach greatly benefits developers, testers and everyone who is interested in the information and security (infosec)/cyber security field.
Document type: master thesis
Language: English
Relation: Hussain, Muddasar. Analysis of the effects of software coding error´s on cybersecurity. Master thesis, University of Oslo, 2020; http://hdl.handle.net/10852/79303
Availability: http://hdl.handle.net/10852/79303
http://urn.nb.no/URN:NBN:no-82411
Rights: This document is not electronically available, at the author's request. Access code A; closedaccess
Accession number: edsbas.89D3AE5F
Database: BASE