Project

Enhancing Secure Coding Assistant: enforcing secure coding rules for the C programming language

Following secure coding rules while developing software is challenging, but necessary due to the prevalence of large data breaches attributed to insecure code that have occurred at companies and government entities such as Equifax, Uber, and the U.S. Securities and Exchange Commission. Many static analysis tools are available that can find and remediate vulnerable code; however, many of them are commercial tools or, if they are open source, do not integrate well with development environments and do not provide feedback. One tool that is both open source and integrates well with the Eclipse Development Environment is the Secure Coding Assistant, which was developed by Ben White and later enhanced by Chen Li at California State University, Sacramento (CSUS). Secure Coding Assistant provides support for secure coding rules for the Java programming language that were developed at the CERT division of the Software Engineering Institute at Carnegie Mellon University. Secure Coding Assistant also provides error correction and contracting programming for the Java language. To further enhance the Secure Coding Assistant tool, we provide support for the C programming language by semi-automating a subset of the CERT secure coding rules for C. The tool detects CERT rule violations for the Java and C programming languages in the Eclipse Development Environment and provides feedback to aid and educate software developers in secure coding practices as they develop software. The Secure Coding Assistant tool is maintained on GitHub at http://benw408701.github.io/SecureCodingAssistant/.

Project (M.S., Computer Science)--California State University, Sacramento, 2018.

