I am trying to find the best source code analyzer for C++ code. I am trying to analyze security issues such as:
- Buffer Overflows
- Improper Access Control
- Memory Information Leak
- Dead pointers
- Division by zero
- Out of bounds
- Uncaught Exceptions
- SQL Injections
- Pathname Exploits
- Broken Authentication
- Security Misconfigurations
- Insecure Direct Object References
and anything else that could affect the security of an application. I downloaded some source code analyzer testing tools, but I don't know which one is the best. Before I start to analyze my project, I want to test their ability to find security issues on a random open-source C++ project, especially programs with some network communication.
I would like to ask you if you know a webpage where I can download some open-source C++ projects with an attached list of known security bugs. I would import this open-source project into Eclipse or Microsoft Visual Studio (so it's also important that the code is compatible with one of these IDEs) and test the code with several code analyzers.
Afterward, I would try to understand all the warnings and errors found by the source code analyzers and compare them with those known to the author, in order to be able to find the best source code analyzing tool.