Examining source code for maliciousness and security vulnerabilities
https://softwareengineering.stackexchange.com/questions/81133
01-11-2019
Question
What are some techniques in determining if a particular piece of source code is malicious or vulnerable to malicious attack? I am currently using cppcheck and I am waiting on an install of Rational AppSource. Aside from that and reviewing the US-CERT Secure Coding Guidelines, what else should I be looking at? This is for a very large codebase (150K SLOC).
No correct solution