ABSTRACT A software vulnerability is a weakness that can be exploited to get access to the code, making the software highly insecure. To make the software secure, vulnerabilities must be identified and corrected. As identifying weaknesses manually in large programs is time-consuming, the process needs to be automated. This paper discusses a tool called SecCheck, developed to identify vulnerabilities in Java code. The tool takes Java source files as input, stores each line in memory, and scans the lines to find vulnerabilities. A warning message is displayed when a vulnerability is found. The tool can detect critical software vulnerabilities not found by most other tools, and it can calculate the Degree of Insecurity, a metric defined in this paper. SecCheck has been used to calculate the Degree of Insecurity in two classes of programs: one written by experienced Java programmers and the other by students. The experimental results are discussed.
SecCheck: A Tool for Detection of Vulnerabilities and for Measuring Insecurity in Java Programs
Authors
Anirban Basu
- Organization : Department of CSE, East Point College of Engineering & Technology, Bengaluru, (India)
- Email : abasu@anirbanbasu.in
Nivedita Ghosh
- Organization : Department of CSE, East Point College of Engineering & Technology, Bengaluru, (India)
- Email : gh.nivedita@gmail.com
Priyadarshini.R
- Organization : Department of CSE, East Point College of Engineering & Technology, Bengaluru, (India)
- Email : priya87darshini@gmail.com