26 Feb 2013

Source Code Auditing Tools

Many source code auditing tools are freely available on the Internet. Some of the more common ones include ITS4, RATS (Rough Auditing Tool for Security), Flawfinder, and Splint (Secure Programming Lint). 

The RATS command line used for the example examined here:

# ./rats -i -w 1 -d rats-c.xml find.c

Many programming languages allow the programmer to ignore the values returned by functions. This is a dangerous practice because function return values are often used to indicate error conditions. Assuming that all functions complete successfully is another common programming problem that leads to crashes.

For example:

If you are writing a Java method that takes two parameters, as such:

public static String getWord(String num, int mon) {
    // pre- and post-conditions
    // statements
    return num;
}
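To make the return-value point concrete in the language that RATS, ITS4 and Flawfinder audit, here is an added C example (my own code, not from the original post). It reads one integer from a stream two ways: the "unchecked" reader ignores what fgets and strtol return, so a line with no digits comes back as a plausible-looking 0; the "checked" reader tests every call that can fail and reports a status code instead. The status names, the stream_from_text helper and the sample inputs are my own constructions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Status codes returned by the checked reader (names are my own). */
enum read_status {
    READ_OK        =  0,
    READ_ERR_NULL  = -1,   /* NULL stream or output pointer */
    READ_ERR_IO    = -2,   /* fgets failed: EOF or read error */
    READ_ERR_PARSE = -3    /* no digits, trailing junk, or out of range */
};

/* The pattern the post warns about: both return values are ignored.
 * A line with no digits makes strtol return 0, which the caller then
 * treats as a valid value; an empty stream leaves `line` uninitialised. */
void read_int_unchecked(FILE *fp, long *out)
{
    char line[64];
    fgets(line, sizeof line, fp);       /* return value ignored */
    *out = strtol(line, NULL, 10);      /* parse failure silently yields 0 */
}

/* The checked version: every call that can fail is tested and the
 * failure is reported to the caller instead of being assumed away. */
enum read_status read_int_checked(FILE *fp, long *out)
{
    char line[64];
    char *end;
    long v;

    if (fp == NULL || out == NULL)
        return READ_ERR_NULL;
    if (fgets(line, sizeof line, fp) == NULL)
        return READ_ERR_IO;

    errno = 0;
    v = strtol(line, &end, 10);
    if (end == line)                    /* no digits consumed */
        return READ_ERR_PARSE;
    if (errno == ERANGE)                /* value does not fit in a long */
        return READ_ERR_PARSE;
    if (*end != '\0' && *end != '\n')   /* trailing garbage after the number */
        return READ_ERR_PARSE;

    *out = v;
    return READ_OK;
}

/* Constructed input: copy `text` into a temporary stream and rewind it.
 * Its own I/O calls are checked as well; returns NULL on failure. */
FILE *stream_from_text(const char *text)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (fputs(text, fp) == EOF || fflush(fp) != 0) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

/* Wrappers that return just the result so the two readers can be compared. */
int checked_status_for(const char *text)
{
    FILE *fp = stream_from_text(text);
    long v = 0;
    int st = read_int_checked(fp, &v);  /* a NULL fp is handled by the reader */
    if (fp != NULL) fclose(fp);
    return st;
}

long checked_value_for(const char *text)
{
    FILE *fp = stream_from_text(text);
    long v = -1;                        /* stays -1 unless the read succeeds */
    if (read_int_checked(fp, &v) != READ_OK) v = -1;
    if (fp != NULL) fclose(fp);
    return v;
}

long unchecked_value_for(const char *text)
{
    FILE *fp = stream_from_text(text);
    long v = -1;
    if (fp == NULL) return -1;
    read_int_unchecked(fp, &v);
    fclose(fp);
    return v;
}

int main(void)
{
    printf("unchecked \"abc\": %ld (looks like a real value)\n", unchecked_value_for("abc\n"));
    printf("checked   \"abc\": status %d\n", checked_status_for("abc\n"));
    printf("checked   \"42\" : value %ld\n", checked_value_for("42\n"));
    return 0;
}
```

The unchecked reader is exactly what a tool like RATS or Flawfinder cannot fully catch on its own: the calls are legal C, so a reviewer still has to ask, for each call, what happens when it fails.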

BugScam, an IDC utility (IDC is the scripting language for IDA):

http://www.openrce.org/downloads/details/69/Bugscam

References

Hex Blog: www.hexblog.com
Hex-Rays forum: www.hex-rays.com/forum
“IDA Plug-in Writing in C/C++ Tutorial” (Steve Micallef): http://binarypool.com/idapluginwriting/
IDAPython plug-in: code.google.com/p/idapython/
IdaRub plug-in: www.metasploit.com/users/spoonm/idarub/
ida-x86emu plug-in: sourceforge.net/projects/ida-x86emu/
OpenRCE forums: www.openrce.org/forums/
