Static analysis of software source code based on the Fortify Static Code Analyzer solution

DOI: https://doi.org/10.31673/2409-7292.2021.020910

Authors

  • Н. В. Горюк (Goryuk N. V.), State University of Telecommunications, Kyiv
  • І. М. Лавровський (Lavrovsky I. M.), State University of Telecommunications, Kyiv

Abstract

The article analyzes the problem of identifying source code vulnerabilities in the context of software development and reviews existing technologies for detecting such vulnerabilities. Methods and tools for detecting source code vulnerabilities based on the Fortify Static Code Analyzer solution are investigated, and the purpose, main functions and architecture of Fortify Static Code Analyzer are defined. Based on this research, a variant of the process for static security analysis of source code within the software life cycle is developed, together with recommendations for applying static source code security analysis technology.

Keywords: Corporate information system, application security, source code security, source code vulnerabilities, source code security testing.


Published

2021-10-13

Section: Articles