scholarly journals LLVM-based static analysis tool using type and effect systems

2012 ◽  
Vol 46 (7) ◽  
pp. 324-330
Author(s):  
M. Belyaev ◽  
V. Tsesko
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Type And Effect Systems ◽  
Static Analysis Tool

SharpChecker: Static analysis tool for C# programs

2017 ◽  
Vol 43 (4) ◽  
pp. 268-276 ◽  
Author(s):  
V. K. Koshelev ◽  
V. N. Ignatiev ◽  
A. I. Borzilov ◽  
A. A. Belevantsev
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
C Programs ◽  
Static Analysis Tool

FPGA-based static analysis tool for detecting malicious binaries

2010 ◽  
Author(s):  
Nitesh B. Guinde ◽  
Xin Tang ◽  
Ronak Sutaria ◽  
Sotirios G. Ziavras ◽  
Constantine N. Manikopoulos
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Static Analysis Tool

Constantine: configurable static analysis tool in Eclipse

2012 ◽  
Vol 44 (5) ◽  
pp. 537-563
Author(s):  
Makarand Gawade ◽  
K. Ravikanth ◽  
Sanjeev Aggarwal
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Static Analysis Tool

scholarly journals How Developers Diagnose Potential Security Vulnerabilities with a Static Analysis Tool

2019 ◽  
Vol 45 (9) ◽  
pp. 877-897 ◽  
Author(s):  
Justin Smith ◽  
Brittany Johnson ◽  
Emerson Murphy-Hill ◽  
Bill Chu ◽  
Heather Richter Lipford
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Security Vulnerabilities ◽  
Static Analysis Tool

Security Smells in Ansible and Chef Scripts

2021 ◽  
Vol 30 (1) ◽  
pp. 1-31
Author(s):  
Akond Rahman ◽  
Md Rayhanur Rahman ◽  
Chris Parnin ◽  
Laurie Williams
Keyword(s):  
Empirical Study ◽  
Qualitative Analysis ◽  
Static Analysis ◽  
Open Source Software ◽  
Analysis Tool ◽  
Prior Work ◽  
Code Review ◽  
Bug Reports ◽  
Case Statement ◽  
Static Analysis Tool

Context: Security smells are recurring coding patterns that are indicative of security weakness and require further inspection. As infrastructure as code (IaC) scripts, such as Ansible and Chef scripts, are used to provision cloud-based servers and systems at scale, security smells in IaC scripts could be used to enable malicious users to exploit vulnerabilities in the provisioned systems. Goal: The goal of this article is to help practitioners avoid insecure coding practices while developing infrastructure as code scripts through an empirical study of security smells in Ansible and Chef scripts. Methodology: We conduct a replication study where we apply qualitative analysis with 1,956 IaC scripts to identify security smells for IaC scripts written in two languages: Ansible and Chef. We construct a static analysis tool called Security Linter for Ansible and Chef scripts (SLAC) to automatically identify security smells in 50,323 scripts collected from 813 open source software repositories. We also submit bug reports for 1,000 randomly selected smell occurrences. Results: We identify two security smells not reported in prior work: missing default in case statement and no integrity check. By applying SLAC we identify 46,600 occurrences of security smells that include 7,849 hard-coded passwords. We observe agreement for 65 of the responded 94 bug reports, which suggests the relevance of security smells for Ansible and Chef scripts amongst practitioners. Conclusion: We observe security smells to be prevalent in Ansible and Chef scripts, similarly to that of the Puppet scripts. We recommend practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using (i) code review, and (ii) static analysis tools.

Sign in / Sign up

Export Citation Format

Share Document