Abstract

With the high growth of computer technology, and especially the fast growth of computer networks and internet, buffer overflows are the most notorious and widely publicized attacks. This problem has a predominant threat to the secure operation of network and in particular, internet based applications. In this thesis, a combined static and dynamic testing approach for detecting the buffer overflow vulnerabilities is implemented. Compared to other approaches, the tool presents more features and aims to increase the accuracy and efficiency while scanning the C and C++ source code. The main idea behind our approach is to rewrite the vulnerable source code so that the modified code uses the new safe call version of old vulnerable C and C++ function. If rewriting is impossible, the tool gives different types of warnings, depending on the complexity of the function syntax, format, and other factors detailed in this thesis. Moreover, the tool provides a description of the problem. If a warning is issued, then it helps the programmer solve this security problem. The new approach brings down the false positive and false negative factors as low as possible. (Abstract shortened by UMI.)