Secure Coding Analysis Tool
Abstract
Secure Code Analysis Tool is an extensive project that automates the identification of security vulnerabilities in software codebases. It is designed to detect, explain, and report potential security weaknesses in web, mobile, and API applications. The tool scans source code for common vulnerability classes such as injection flaws, unsafe data handling, and misconfigurations, and then generates human-readable descriptions so that developers can readily understand the nature of each issue. It also assigns severity ratings and plots the distribution of vulnerabilities as a heatmap, giving an at-a-glance view of the code's security posture. The main goal of the project is to centralize and automate security analysis so that vulnerabilities are detected efficiently and accurately, thereby reducing manual intervention and human error in the development life cycle.
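The abstract describes a pipeline of three stages: scan source for known vulnerability classes, attach a severity and a developer-facing explanation to each finding, and aggregate findings into a heatmap. The following is an added, self-contained Python example of that pipeline; it is not the paper's tool and does not claim to reproduce its detection logic. The rules are simple line-level regular expressions for three of the classes the abstract names (injection, unsafe data handling, misconfiguration), and the sample "codebase" is a constructed dictionary of file name to source text.

```python
"""Minimal pattern-based secure-code scanner (added illustration, not the
paper's tool): flags risky constructs in Python source, rates severity,
explains each finding, and builds a file-by-category heatmap grid."""
import re
from collections import Counter

# Each rule: (category, severity, compiled pattern, developer-facing advice).
# The patterns are deliberately simple line-level heuristics, not a parser,
# so they will miss constructs split across lines and may produce false
# positives; a production tool would work on an AST or data-flow graph.
RULES = [
    ("injection", "HIGH",
     re.compile(r"execute\(\s*(f[\"']|[^)]*[\"']\s*(\+|%\s|\.format\())"),
     "SQL statement built by string concatenation or formatting; "
     "pass values as query parameters instead."),
    ("injection", "HIGH",
     re.compile(r"(os\.system|subprocess\.(call|run|Popen|check_output))\(.*(\+|f[\"']|\.format\()"),
     "Shell command assembled from dynamic data; use an argument list "
     "and avoid shell interpretation."),
    ("unsafe_data", "HIGH",
     re.compile(r"\b(pickle\.loads?|marshal\.loads?|yaml\.load)\("),
     "Deserialization of untrusted bytes can execute code; use json "
     "or yaml.safe_load."),
    ("unsafe_data", "MEDIUM",
     re.compile(r"hashlib\.(md5|sha1)\("),
     "Weak hash function; use SHA-256, or a password hash (bcrypt/argon2) "
     "for credentials."),
    ("misconfig", "MEDIUM",
     re.compile(r"\bdebug\s*=\s*True\b", re.IGNORECASE),
     "Debug mode enabled; it leaks stack traces and must be off in production."),
    ("misconfig", "HIGH",
     re.compile(r"\bverify\s*=\s*False\b"),
     "TLS certificate verification disabled; remove it or pin a CA bundle."),
]


def scan_file(path, text):
    """Return a list of finding dicts for one source file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # skip blank lines and comments
        for category, severity, pattern, advice in RULES:
            if pattern.search(code):
                findings.append({"file": path, "line": lineno, "category": category,
                                 "severity": severity, "snippet": code, "advice": advice})
    return findings


def scan_codebase(files):
    """files maps path -> source text; returns all findings, worst severity first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings = [f for path, text in files.items() for f in scan_file(path, text)]
    return sorted(findings, key=lambda f: (order[f["severity"]], f["file"], f["line"]))


def severity_summary(findings):
    """Count findings per severity level."""
    return dict(Counter(f["severity"] for f in findings))


def heatmap(findings, files):
    """file -> category -> count grid: the data a heatmap plot would display."""
    categories = sorted({rule[0] for rule in RULES})
    grid = {path: {c: 0 for c in categories} for path in files}
    for f in findings:
        grid[f["file"]][f["category"]] += 1
    return grid


def render_heatmap(grid):
    """Plain-text rendering of the grid: a count plus a bar of '#' per cell."""
    if not grid:
        return ""
    categories = sorted(next(iter(grid.values())).keys())
    width = max(len(p) for p in grid)
    lines = [" " * width + "  " + "  ".join(f"{c:>12}" for c in categories)]
    for path, row in grid.items():
        cells = "  ".join(f"{row[c]:>2} {'#' * row[c]:<9}" for c in categories)
        lines.append(f"{path:<{width}}  {cells}")
    return "\n".join(lines)


# Constructed sample codebase for the demonstration (not real project code).
SAMPLE_FILES = {
    "app/db.py": (
        "import sqlite3\n"
        "def find_user(conn, name):\n"
        "    cur = conn.cursor()\n"
        "    cur.execute(\"SELECT * FROM users WHERE name='\" + name + \"'\")\n"
        "    return cur.fetchone()\n"
        "def find_user_safe(conn, name):\n"
        "    cur = conn.cursor()\n"
        "    cur.execute(\"SELECT * FROM users WHERE name=?\", (name,))\n"
        "    return cur.fetchone()\n"
    ),
    "app/api.py": (
        "import hashlib, os, pickle, requests\n"
        "def load_session(blob):\n"
        "    return pickle.loads(blob)\n"
        "def fingerprint(secret):\n"
        "    return hashlib.md5(secret.encode()).hexdigest()\n"
        "def ping(host):\n"
        "    return os.system(\"ping -c 1 \" + host)\n"
        "def fetch(url):\n"
        "    return requests.get(url, verify=False, timeout=5)\n"
    ),
    "app/settings.py": "DEBUG = True\nALLOWED_HOSTS = ['*']\n",
}

if __name__ == "__main__":
    results = scan_codebase(SAMPLE_FILES)
    for f in results:
        print(f"[{f['severity']}] {f['file']}:{f['line']} {f['category']}: {f['snippet']}")
        print(f"    -> {f['advice']}")
    print(severity_summary(results))
    print(render_heatmap(heatmap(results, SAMPLE_FILES)))
```

Running the module prints six findings (four HIGH, two MEDIUM) and a three-by-three grid showing that `app/api.py` concentrates most of the risk. The parameterized `find_user_safe` query is deliberately left unflagged to show that the injection rule keys on concatenation and formatting operators rather than on any call to `execute`.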