Lab 6 - Source Code Analysis
Update: Due date extended to Friday May 26th. Continue working on this
lab on Tuesday May 26th.
The purpose of this lab is to utilize source code analysis techniques from
Chapters 4, 5, 6, and 8 to analyze a piece of source code and find potential
vulnerabilities. You may work in groups on this lab.
The code to review is lab6.c, which can be copied to your Sleipnir directory
with the command:
    cp /home/fac/melissa/public_html/cs451-s15/lab6.c .
You should follow the code audit process outlined in Chapter 4:
- Preassessment
- Application Review
- Documentation and Analysis
- Remediation Support
The primary outcome for this lab will be a report that lists all of the
vulnerabilities you found in the code. Each vulnerability report should
follow the format given in Chapter 4, which is:
- A brief (one sentence) description/identifier for the vulnerability
- Location of the vulnerability in code (function name and line number(s))
- Vulnerability class, such as buffer overflow, integer underflow, etc.
(the class name should be taken from Chapters 5, 6, and 8)
- Description of the vulnerability
- Prerequisites of the vulnerability
- Results of the vulnerability being exploited
- Remediation suggestions to fix the vulnerability
You should submit your write-up of the code review, with all lab partner names
clearly listed, to Moodle for this lab.