I am trying to find the best source code analyzer for C++ code. I am trying to analyze the security issues such as:
- Buffer Overflows
- Improper Access Control
- Memory Information Leak
- Dead pointers
- Division by zero
- Out of bounds
- Uncaught Exceptions
- SQL Injections
- Pathname Exploits
- Broken Authentication
- Security Misconfigurations
- Insecure Direct Object References
and anything else that could affect the security of an application. I downloaded some source code analyzer testing tools, but I don't know which one is the best. Before I start to analyze my project, I want to test the ability to find the security issues on a random open-source C++ project, especially programs with some network communication.
I would like to ask if you know of a webpage where I can download some open-source C++ projects with an attached list of known security bugs. I would import this open-source project into Eclipse or Microsoft Visual Studio (so it's also important that the code is compatible with one of these IDEs) and test the code with several code analyzers.
Afterward, I would try to understand all the warnings and errors found by the source code analyzers and compare them with those known by the author, in order to be able to find the best source code analyzing tool.
- I think it will be way better to educate yourself on what those issues are so you can avoid them, rather than rely on some other software, since stuff like potential buffer overflows can be impossible to detect. Also, maintain some kind of "test harness" with the project that intentionally tries to exploit and abuse inputs, etc. — mk27
- It all depends on your code size. If the code is huge, checking for errors manually is not easy and is time-consuming. If it is a small code base, say about 10000 lines in total, then you may try to study the logic. Automated code analyzers are not 100% accurate. However, they are good and useful when it comes to large projects, to get an indication of the quality of the code, potential errors, etc. Writing code from scratch is the easiest bit. However, we might need to get support from such tools in case it is someone else's code. — neocambell
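The comparison step described in the question (analyzer warnings versus the bugs known to the project's author) can be scored mechanically. The following is an added example, not part of the original thread: the file names, tool names, defect-class labels and the 3-line matching tolerance are all constructed assumptions, and real analyzer output would first have to be normalized into this shape.

```python
from collections import namedtuple

# One known or reported defect: source file, line number, defect class label.
Finding = namedtuple("Finding", "file line kind")

def score(known, reported, line_tolerance=3):
    """Match warnings to known bugs by file, class and nearby line number."""
    matched, duplicates, false_pos = set(), 0, []
    for r in reported:
        hits = [i for i, k in enumerate(known)
                if k.file == r.file and k.kind == r.kind
                and abs(k.line - r.line) <= line_tolerance]
        fresh = [i for i in hits if i not in matched]
        if fresh:
            matched.add(fresh[0])      # first warning for this known bug
        elif hits:
            duplicates += 1            # repeat warning, not a false positive
        else:
            false_pos.append(r)        # matches nothing on the known list
    tp, fp = len(matched), len(false_pos)
    missed = [k for i, k in enumerate(known) if i not in matched]
    return {"tp": tp, "fp": fp, "duplicates": duplicates, "missed": missed,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / len(known) if known else 0.0}

def rank(known, reports):
    """Order tools by recall first, then precision, best first."""
    s = {tool: score(known, found) for tool, found in reports.items()}
    return sorted(s, key=lambda t: (s[t]["recall"], s[t]["precision"]), reverse=True)

# Constructed sample data: a known-bug list and two hypothetical tools' warnings.
KNOWN = [Finding("net/recv.cpp", 120, "buffer-overflow"),
         Finding("net/recv.cpp", 210, "out-of-bounds"),
         Finding("db/query.cpp", 45, "sql-injection"),
         Finding("util/math.cpp", 17, "division-by-zero")]
REPORTS = {
    "tool_a": [Finding("net/recv.cpp", 121, "buffer-overflow"),
               Finding("net/recv.cpp", 122, "buffer-overflow"),
               Finding("util/math.cpp", 17, "division-by-zero"),
               Finding("util/log.cpp", 9, "buffer-overflow")],
    "tool_b": [Finding("db/query.cpp", 45, "sql-injection"),
               Finding("net/recv.cpp", 208, "out-of-bounds"),
               Finding("net/recv.cpp", 119, "buffer-overflow")],
}

if __name__ == "__main__":
    for tool in rank(KNOWN, REPORTS):
        print(tool, score(KNOWN, REPORTS[tool]))
```

The `missed` list is the part worth reading by hand: it shows which defect classes a given tool never flags, which a single precision or recall figure hides.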