Examples: static analysis tools that search the source code for possible buffer overflows, dynamic analysis tools that help identify buffer overflows during program execution for testing
Pros:
• Static analysis tools can be very useful for code inspection
• Dynamic analysis tools can help you catch errors during testing that you might not have caught otherwise
Cons:
• Static analysis tools produce many false positives and only look for certain kinds of buffer overflows, such as unsafe library function calls
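The two cons above, shown with a minimal lexical scanner (an added example, not from the original material; the scanner, the sample C source and all function names in it are constructed for illustration). It flags a length-checked strcpy (a false positive) and misses an overflow that uses no library call:

```python
import re

# Constructed sample C source (not from the original page).
SAMPLE_C = r'''
void safe_copy(const char *src) {
    char buf[64];
    if (strlen(src) < sizeof(buf))
        strcpy(buf, src);          /* length checked: flagging this is a false positive */
}
void read_line(void) {
    char buf[16];
    gets(buf);                     /* genuinely unbounded read */
}
void manual_copy(const char *src) {
    char buf[8];
    for (int i = 0; src[i]; i++)
        buf[i] = src[i];           /* overflow with no library call */
}
'''

# The scanner only knows a fixed list of unsafe library function names.
UNSAFE_CALLS = ("strcpy", "strcat", "sprintf", "gets")
CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE_CALLS) + r")\s*\(")
# Rough match for a function definition starting in column 0.
FUNC_RE = re.compile(r"^\w[\w\s\*]*?\b(\w+)\s*\([^;]*\)\s*\{")

def scan(source):
    """Return (enclosing_function, line_number, call) for every unsafe call name."""
    findings, current = [], None
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
        for call in CALL_RE.finditer(line):
            findings.append((current, lineno, call.group(1)))
    return findings

def flagged_functions(source):
    """Names of functions containing at least one flagged call."""
    return {func for func, _, _ in scan(source)}

if __name__ == "__main__":
    for func, lineno, call in scan(SAMPLE_C):
        print(f"line {lineno}: {call}() in {func}()")
```

Building manual_copy with a dynamic analysis tool and running it on a long input during testing is how that missed overflow would be caught.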