Abstract
A static code security checking tool is software that helps programmers automatically detect security defects in a source program. It analyzes the program's source code line by line to find potential security vulnerabilities. This paper examines several kinds of security problems that commonly arise in C/C++ programming, analyzes the root cause of each, and gives concrete, practical methods for analyzing and detecting them. Finally, after comparing the advantages and disadvantages of static code security checking tools, it offers some suggestions for improving the effectiveness of security checking.
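The line-by-line checking the abstract describes, as an added illustration that is not code from the paper: a minimal Python checker that strips C comments and then flags, on each line, the classic unbounded calls (gets, strcpy, strcat, sprintf), a printf/fprintf whose format string is a variable rather than a literal, and a scanf with an unbounded %s. It is run over a constructed vulnerable sample and its hardened counterpart. The rule set, the sample sources and the function names are assumptions made for this example, not the paper's own method.

```python
import re
from dataclasses import dataclass

# Unsafe libc calls and the reason each is flagged (assumed rule set, not the paper's).
UNSAFE_CALLS = {
    "gets":    "unbounded read into a fixed buffer; use fgets with a size",
    "strcpy":  "copy has no length bound; use snprintf/strlcpy with an explicit size",
    "strcat":  "append has no length bound; use strncat with the remaining space",
    "sprintf": "output has no length bound; use snprintf",
}

# The word boundary keeps fgets, snprintf, strncpy etc. from matching.
CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE_CALLS) + r")\s*\(")
# printf(x) or fprintf(stream, x) where x is an identifier, not a "literal".
FORMAT_RE = re.compile(r"\b(?:printf\s*\(|fprintf\s*\(\s*\w+\s*,)\s*([A-Za-z_]\w*)\s*[,)]")
# scanf whose format string carries a %s with no field width.
SCANF_RE = re.compile(r'\bscanf\s*\(\s*"[^"]*%s')


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the scanned source
    rule: str       # short rule id
    message: str    # why it matters and what to use instead
    code: str       # the offending line, comments stripped


def _strip_comments(line, in_block):
    """Remove /* */ and // comments from one line; returns (code, still_in_block).

    Deliberately simple: "//" or "/*" inside a string literal is treated as a
    comment start, a known false-negative source for a line-oriented checker.
    """
    out = []
    i = 0
    while i < len(line):
        if in_block:
            end = line.find("*/", i)
            if end == -1:
                return "".join(out), True
            i, in_block = end + 2, False
        elif line.startswith("/*", i):
            in_block = True
            i += 2
        elif line.startswith("//", i):
            break
        else:
            out.append(line[i])
            i += 1
    return "".join(out), in_block


def scan_source(text):
    """Scan C source line by line and return the findings in source order."""
    findings = []
    in_block = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        code, in_block = _strip_comments(raw, in_block)
        stripped = code.strip()
        if not stripped:
            continue
        m = CALL_RE.search(code)
        if m:
            findings.append(Finding(lineno, "unsafe-call", UNSAFE_CALLS[m.group(1)], stripped))
        if FORMAT_RE.search(code):
            findings.append(Finding(lineno, "format-string",
                                    'format string is a variable; pass a literal such as "%s"', stripped))
        if SCANF_RE.search(code):
            findings.append(Finding(lineno, "unbounded-scanf",
                                    "%s without a field width; use a width or fgets", stripped))
    return findings


# Constructed sample input: the classic C mistakes, plus a commented-out call
# that a naive grep would report but the comment stripper must ignore.
VULNERABLE_C = r'''
#include <stdio.h>
#include <string.h>

/* constructed sample: classic unsafe calls */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);          /* no bound on copy */
    printf(buf);                /* user-controlled format string */
}

int main(void) {
    char line[64];
    gets(line);                 // unbounded read
    scanf("%s", line);          // %s with no width limit
    // strcpy(line, "only in a comment");
    greet(line);
    return 0;
}
'''

# Constructed hardened counterpart: same behaviour with bounded calls.
HARDENED_C = r'''
#include <stdio.h>
#include <string.h>

void greet(const char *name) {
    char buf[32];
    snprintf(buf, sizeof buf, "%s", name);  /* bounded copy */
    printf("%s", buf);                      /* literal format string */
}

int main(void) {
    char line[64];
    if (fgets(line, sizeof line, stdin) == NULL)
        return 1;
    greet(line);
    return 0;
}
'''

if __name__ == "__main__":
    for f in scan_source(VULNERABLE_C):
        print(f"{f.line}: [{f.rule}] {f.code}  -- {f.message}")
    print("hardened findings:", len(scan_source(HARDENED_C)))
```

On the vulnerable sample this reports lines 8, 9, 14 and 15 and stays silent on the commented-out strcpy; the hardened sample produces no findings. The deliberate simplicity of the comment stripper and the purely lexical rules (no data-flow, so a tainted value passed through a wrapper is missed, and a "//" inside a string literal hides the rest of that line) are exactly the limitations the abstract's closing comparison of advantages and disadvantages refers to.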
Source
Computer Engineering and Design (《计算机工程与设计》)
Indexed in CSCD; Peking University Core Journal (北大核心)
2005, No. 8, pp. 2110-2112 (3 pages)
Keywords
static analysis
security checking tool
C/C++ language