Testing for Software Security: A Case Study on Static Code Analysis of a File Reader Java Program

Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 166)

Abstract

The high-level contribution of this paper is to illustrate the use of automated tools to conduct static code analysis of a software program and mitigate the vulnerabilities associated with the program. We present a case study of static code analysis conducted on a File Reader program (developed in Java) using the Source Code Analyzer and Audit Workbench automated tools, developed by Fortify, Inc. Specifically, the following software vulnerabilities are discovered, analyzed and mitigated: (i) Denial of Service, (ii) System Information Leak, (iii) Unreleased Resource (in the context of Streams) and (iv) Path Manipulation. We describe the potential risks of having each of these vulnerabilities in a software program and provide solutions (including code snippets in Java) to mitigate them. The proposed solutions for each of these vulnerabilities are generic and could be used to correct such vulnerabilities in software developed in any other programming language.

Keywords

Denial of Service; Path Manipulation; Sanitization; Static Code Analysis; Testing for Software Security; Vulnerability



Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  • Natarajan Meghanathan (1)
  • Alexander Roy Geoghegan (2)
  1. Jackson State University, Jackson, USA
  2. L-3 Communications, Greenville, USA
