Introduction to Security Static and Dynamic Analysis
Twitter: @0xmchow

Learning Objectives

• By the end of this week, you will be able to:
• Use static analysis software to identify vulnerabilities in software
• Understand the difference between static and dynamic analysis

Static Analysis
• Also known as static code analysis
• No execution of program
• Rule based
• Full code coverage
• Will catch bugs in source code such as using insecure or unsafe functions
• Binary static analysis: black box, no code
• Code: white box, given source code
• Examples: grep, lint, Coverity (commercial), Fortify (commercial), Veracode (commercial)
• Reference: https://www.veracode.com/products/static-analysis-sast/static-code-analysis

Tool: JSLint (Lint for JavaScript)
• http://www.jslint.com/

A Glance at Static Analysis Techniques
1. Data flow analysis
• Collect runtime info about data while in a static state
• Basic block (the code), control flow, control path
2. Control graph
• Node => block
• Edges => jumps / paths
3. Taint Analysis (also Deterministic Finite Automaton)
• Identify variables that have been tainted
• Flag their use in vulnerable functions, known as sinks
4. Lexical analysis
• code => tokens (e.g., /* gets */)
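
Added example (not part of the original slides): a small lexical scanner for C source that drops comments, keeps string literals as single tokens, and reports calls to unsafe functions, next to a grep-style text match over the same input. The deny-list and the sample C file are constructed for this illustration.

```python
import re

# Assumed deny-list for this example; real tools ship much larger rule sets.
UNSAFE_CALLS = {"gets", "strcpy", "strcat", "sprintf"}

# One alternative per token class; comments and literals must be tried first.
TOKEN_RE = re.compile(r"""
    (?P<comment>/\*.*?\*/|//[^\n]*)      # block or line comment
  | (?P<string>"(?:\\.|[^"\\\n])*")      # string literal
  | (?P<char>'(?:\\.|[^'\\\n])*')        # character literal
  | (?P<word>\w+)                        # identifier, keyword or number
  | (?P<punct>[^\s\w])                   # any other single character
""", re.VERBOSE | re.DOTALL)

def tokenize(source):
    """Yield (kind, text, line) for each token, dropping comments."""
    for m in TOKEN_RE.finditer(source):
        kind = m.lastgroup
        if kind != "comment":
            yield kind, m.group(), source.count("\n", 0, m.start()) + 1

def find_unsafe_calls(source):
    """Return (line, name) for each deny-listed word followed by '('."""
    tokens = list(tokenize(source))
    findings = []
    for (kind, text, line), nxt in zip(tokens, tokens[1:]):
        if kind == "word" and text in UNSAFE_CALLS and nxt[1] == "(":
            findings.append((line, text))
    return findings

def grep_style(source):
    """Naive text match, for comparison: line numbers containing 'gets'."""
    return [n for n, l in enumerate(source.splitlines(), 1) if "gets" in l]

# Constructed sample input.
SAMPLE = '''#include <stdio.h>
/* gets */
int main(void) {
    char buf[16];
    puts("do not call gets() here");
    fgets(buf, sizeof buf, stdin);
    gets(buf);
    return 0;
}
'''

if __name__ == "__main__":
    print("grep :", grep_style(SAMPLE))
    print("lexer:", find_unsafe_calls(SAMPLE))
```

The text match reports four lines (the comment, the string literal, fgets and the real call), while the token-based scan reports only the call on line 7.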

Strengths and Weaknesses of Static Analysis
• Strengths:
• Find vulnerabilities with high confidence
• Weaknesses:
• Many false positives or false negatives can be generated
• Can’t find configuration issues
• Can you prove findings are actual vulnerabilities?

Dynamic Analysis
• System execution; run-time
• Trial and error
• Detect dependencies
• Deal with real runtime variables
• Based on automated tests, user interactions
• No guarantee of full coverage of source
• Example: valgrind – for memory debugging, memory leak detection, and profiling. http://valgrind.org/