UCSC Digital Library >
Title: Analyze vulnerabilities of source codes published on open forums
Authors: Desapriya, S.T.S.T.
Issue Date: 2017

Abstract:
Web and mobile applications are extremely popular and have become part of everyday life. They are used by many institutions, including governments, for purposes that give them access to sensitive information and let them perform critical operations. Software developers build these applications in many programming languages, writing thousands of lines of code, with or without security in mind. A common practice among developers is to use open forums to share and suggest code examples, and to look for a suggestion for a problem they face or a situation they need to address. Because these forums are so popular in the developer community, developers tend to reuse the code examples posted there in their own applications. Source code examples on open forums therefore have a direct impact on real-world software, so developers need a method of verifying such samples and confirming they are free of security vulnerabilities before using them.

The project delivers five main components. A Python-based crawler crawls Stack Overflow and downloads source code samples. A data importer component, developed in C#, imports the results produced by Checkmarx into the knowledge base. A dashboard with various graphs and charts presenting the results of the analysis is also developed in C#. A Chrome browser plugin, which analyzes a selected source code block for potential vulnerabilities by consulting the knowledge base, is developed as the end-user tool. Finally, MS SQL Server is used to build the knowledge base that holds all the vulnerability data provided by Checkmarx.

The solution can encourage developers to write more secure code during development and make them aware of security vulnerabilities, which will ultimately make the software more robust. The project should be of particular interest to those involved in software development and to application security analysts with a keen interest in static analysis.

Appears in Collections: Master of Science in Information Security - 2017