logo

GrammaTech CodeSonar®

GrammaTech CodeSonar®

15 June 2016
GrammaTech Static Code Analysis

GrammaTech CodeSonar®: Cyber-Security with Visual Taint Analysis

The increasing number of networked components in embedded systems creates larger attack surfaces that allow hackers to target software.

As a result embedded programmers need to defend their software against highly advanced malicious attacks by adopting a full-spectrum approach to securing the application. This requires a test of the source code with static analysis, an execution of the application with dynamic analysis, and open-source and third-party components and libraries with binary analysis.

Understanding your Attack Surface with Visual Taint Analysis

CodeSonar implements an analysis that tracks potentially hazardous data flows in code. The results of this "taint" analysis are shown as an overlay directly on the code or superimposed on a high-level graphical visualization of the program architecture. Hereby engineers can see notoriously hard-to-find tainted data pathways.

This technology helps to find dangerous vulnerabilities, including buffer over/underrun, integer overflow of allocation size, command injections and SQL injections that an attacker could exploit. CodeSonar manage this by accelerating the speed and accuracy of pinpointing these flows.

Benefits of GrammaTech's embedded software security analyses:

  • Comprehensive Application Security
    The embedded application technology of CodeSonar combines cutting edge cyber-security capabilities for static analysis in a single interface that delivers unmatched breadth and depth of software security.
  • Protection Against Code Injections
    The industry-leading tainted data analysis makes it possible to efficiently find and eliminate dangerous information flows in the code.
  • Defense Against Compromised 3rd Party Components
    Embedded systems increasingly become a collection of network components. This leads to an alarming rate of compromised program components you aren´t responsible for. CodeSonar provides a definitive, auditable, and objective security analysis outside any broader system it may become part of.
  • Reputation Defense
    Improving the security of your software protects the reputation of your organization. To protect data and also their reputation most sophisticated U.S. Government agencies rely on CodeSonar and other GrammaTech technologies.


More information about Grammatech
Free Trial Video News Press Customers Testimonials
GrammaTech Static Code Analysis Screenshot 03 GrammaTech Static Code Analysis Screenshot 03 GrammaTech CodeSonar Screenshot 01 GrammaTech CodeSonar®main page
CodeSonar 4 for Embedded Systems
[PDF]CodeSonar for C/C++ (PDF, 1.5 MB)
[PDF]CodeSonar for Java (PDF, 1.1 MB)
Development Testing
Defect Detection
Concurrency Checks
Security Checks
Architecture vizulisation
Software metrics
Automate the Verification of Your Code
CodeSonar for Java

Compliant to standards
    DO-178
    ISO 26262
    FDA-standards
    MISRA
    CWE- and BSI-regulations
    "Power of Ten" and JPL-regulations
    IEC 62443
How Static Code Analysis works
Workflow-Features
Binary-Analysis
Visual-Taint-Analysis
Whitepapers
References
University program
Case studies
[PDF] Slide-presentation