Cogent Engineering (Jan 2017)

Stacy-static code analysis for enhanced vulnerability detection

  • Pankaj Lathar,
  • Raunak Shah,
  • Srinivasa K G

DOI
https://doi.org/10.1080/23311916.2017.1335470
Journal volume & issue
Vol. 4, no. 1

Abstract


Computer program analysis refers to the automatic analysis of the behavior of a user-defined program. One application of program analysis is to determine the quality of source code. Humans are prone to errors and, in most cases, the penalty of deploying low-quality code is very high for a large organization. These errors often give rise to potential security vulnerabilities in an application, which could be exploited by malicious users. In this paper, we present Stacy—a tool that statically detects potential security vulnerabilities present in input source code. Static program analysis is the examination of source code prior to its execution, so our tool attempts to predict the behavior of a program before it is deployed. Stacy uses novel techniques to detect the primary sources of vulnerability in the source code of a program and reports them to the developer.
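Stacy's own implementation is not reproduced on this page. As an added illustration of what "statically detecting a source of vulnerability in input source code" means in practice, the following small analyser was written for this page in Python; it is not the authors' code and does not claim to reproduce Stacy's techniques. It parses a constructed sample program with the standard-library ast module (the program is never executed), marks values that come from assumed attacker-controlled sources (input(), sys.argv, os.environ), follows them through straight-line assignments and method calls, and reports when one reaches an assumed dangerous sink (os.system, eval, exec, or a subprocess call with shell=True) without passing through an assumed sanitizer (shlex.quote, int). The source, sink and sanitizer lists and the sample program are assumptions chosen for the example.

```python
"""Minimal static taint analyser (illustrative example, not Stacy's code).

Parses Python source with the ``ast`` module, propagates a "tainted" mark
from assumed attacker-controlled sources through assignments, and reports
when tainted data reaches an assumed command/code-execution sink.  It is
flow-insensitive across branches and ignores function scopes on purpose:
the point is to show the source -> propagation -> sink shape of the check.
"""
import ast
from dataclasses import dataclass

# Assumed source/sink/sanitizer sets for this example.
SOURCES = {"input"}                                  # calls returning attacker data
SOURCE_ATTRS = {"sys.argv", "os.environ"}            # attribute reads treated as tainted
SINKS = {"eval", "exec", "os.system",
         "subprocess.call", "subprocess.run", "subprocess.Popen"}
SANITIZERS = {"shlex.quote", "int"}                  # results treated as clean


@dataclass(frozen=True)
class Finding:
    line: int
    sink: str
    detail: str


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()      # variable names currently holding attacker data
        self.findings = []

    def is_tainted(self, node):
        """Conservatively decide whether an expression may carry attacker data."""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Attribute):
            return dotted(node) in SOURCE_ATTRS or self.is_tainted(node.value)
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False      # sanitizer output is clean; do not descend into it
            if isinstance(node.func, ast.Attribute) and self.is_tainted(node.func.value):
                return True       # method call on tainted object, e.g. user.strip()
            return (any(self.is_tainted(a) for a in node.args)
                    or any(self.is_tainted(k.value) for k in node.keywords))
        # BinOp, JoinedStr, Subscript, ...: tainted if any sub-expression is
        return any(self.is_tainted(c) for c in ast.iter_child_nodes(node)
                   if isinstance(c, ast.expr))

    def visit_Assign(self, node):
        taint = self.is_tainted(node.value)
        for target in node.targets:
            for n in ast.walk(target):
                if isinstance(n, ast.Name):
                    # Reassignment with clean data clears the mark (kills the taint).
                    (self.tainted.add if taint else self.tainted.discard)(n.id)
        self.generic_visit(node)

    def visit_AugAssign(self, node):
        if isinstance(node.target, ast.Name) and self.is_tainted(node.value):
            self.tainted.add(node.target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted(node.func)
        if name in SINKS:
            shell = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                        and k.value.value is True for k in node.keywords)
            # subprocess.* only re-parses the command line when shell=True.
            if not name.startswith("subprocess.") or shell:
                for arg in list(node.args) + [k.value for k in node.keywords if k.arg != "shell"]:
                    if self.is_tainted(arg):
                        self.findings.append(Finding(node.lineno, name,
                                                     f"tainted argument: {ast.unparse(arg)}"))
                        break
        self.generic_visit(node)


def analyze(source: str) -> list[Finding]:
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed sample program for the example (not from the paper).
SAMPLE = '''\
import os, shlex, subprocess, sys

host = input("host: ")
os.system("ping -c 1 " + host)
safe = shlex.quote(host)
os.system("ping -c 1 " + safe)
port = int(sys.argv[1])
subprocess.run(["nc", "-z", "localhost", str(port)])
cmd = f"ls {os.environ.get('DIR')}"
subprocess.run(cmd, shell=True)
count = 3
count = host.strip()
eval(count)
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"line {f.line}: {f.sink} <- {f.detail}")
```

Running the block reports lines 4, 10 and 13 of the sample and stays silent on line 6 (sanitized with shlex.quote), line 7 (converted with int) and line 8 (subprocess without a shell). Real analysers differ mainly in how much further they go than this: interprocedural propagation, path sensitivity, and a far larger, language-specific catalogue of sources, sinks and sanitizers.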

Keywords