Abstract

We illustrate the use of source code analysis to identify and remove the following software security vulnerabilities: (i) Hardcoded Password, (ii) Empty Password Initialization, (iii) Denial of Service, (iv) System Information Leak, (v) Unreleased Resource and (vi) Path Manipulation. We propose one or more solution approaches to remove, or at least mitigate, each of these vulnerabilities, which can significantly impact the security of software programs if they are left unattended. In this context, we conduct an exhaustive source code analysis of a file writer program, developed in Java and embedded with password validation features, in order to illustrate the Hardcoded Password and Empty Password Initialization vulnerabilities. We also illustrate how incorporating a patch (code) to remove an existing vulnerability can introduce one or more new vulnerabilities. Our solution approaches to remove the above vulnerabilities can also be adapted to other high-level programming languages such as C/C++. We use the Fortify Source Code Analyzer (SCA) software to conduct the automated source code analysis of the file writer program to test for software security, covering both identification and removal of the vulnerabilities.
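As an added illustration that is not code from the paper, the following Java file writer applies the remediations the abstract names for four of the listed findings (Hardcoded Password, Empty Password Initialization, Unreleased Resource and Path Manipulation). It assumes Java 17 or later, an environment variable FILEWRITER_PW_SHA256 holding the hex SHA-256 digest of the expected password, and an output directory of /tmp/filewriter; all three are choices made for this example.

```java
import java.io.BufferedWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HexFormat;
public class SecureFileWriter {
    // Directory that output files must stay inside (value chosen for this example).
    private static final Path BASE_DIR = Path.of("/tmp/filewriter").toAbsolutePath().normalize();

    // Hardcoded Password / Empty Password Initialization fix: the expected SHA-256
    // digest comes from the environment (assumed variable name), so no secret is
    // compiled into the class and no password field is initialised to "".
    static boolean passwordMatches(char[] candidate) throws Exception {
        String expectedHex = System.getenv("FILEWRITER_PW_SHA256");
        if (expectedHex == null || expectedHex.isEmpty()) {
            return false; // an unconfigured secret is a failure, never a match
        }
        byte[] raw = new String(candidate).getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(raw);
        Arrays.fill(raw, (byte) 0);
        Arrays.fill(candidate, '\0'); // wipe the plaintext once it has been hashed
        // isEqual runs in constant time, unlike String.equals
        return MessageDigest.isEqual(digest, HexFormat.of().parseHex(expectedHex));
    }

    // Path Manipulation fix: normalise the caller-supplied name and reject it if the
    // result leaves BASE_DIR. The error text omits internal paths (no information leak).
    static Path safeTarget(String userSuppliedName) throws IOException {
        Path target = BASE_DIR.resolve(userSuppliedName).normalize();
        if (!target.startsWith(BASE_DIR)) {
            throw new IOException("refusing to write outside the output directory");
        }
        return target;
    }

    // Unreleased Resource fix: try-with-resources closes the writer on every exit path.
    static void writeFile(char[] password, String name, String content) throws Exception {
        if (!passwordMatches(password)) {
            throw new SecurityException("password validation failed");
        }
        Path target = safeTarget(name);
        Files.createDirectories(BASE_DIR);
        try (BufferedWriter w = Files.newBufferedWriter(target, StandardCharsets.UTF_8)) {
            w.write(content);
        }
    }
}
```

A single SHA-256 is used here only to keep the comparison short; a deliberately slow password hash (PBKDF2, bcrypt or Argon2) is the stronger choice for stored credentials.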
