Source code analysis with respect to Security-related problems

From Master Projects


About Source code analysis with respect to Security-related problems


Description

This project is offered by KPMG, Amstelveen.

Security is one of the most exposed and important areas in today's IT. A lot of effort is being put into securing infrastructure and networks (with firewalls) and into improving security governance and management. One area that is often forgotten is the security of applications, especially that of custom-made web applications. Initiatives such as OWASP and CWE define known security vulnerabilities in web applications. However, few flexible and automated tools are available for finding security issues in program code.

The best-known vulnerabilities of this kind are SQL injection and cross-site scripting (XSS), both of which boil down to proper input and output validation, which is often forgotten. It is interesting to approach this problem with static source code analysis. To this end, a tool for automatic analysis of source code with respect to data flow and input validation is needed. Such a tool could help find possible security issues in the program code.

Contact: dr. Yaroslav S. Usenko, +31 6 24449199, usenko.yaroslav@kpmg.nl