Daniel Persson; Dejan Baca MCS-2004:13, pp. 20. TEK/avd. för interaktion och systemdesign, 2004.
Software users have become more conscious of security. More people have access to Internet and huge databases of security exploits. To make secure products, software developers must acknowledge this threat and take action. A first step is to perform a software security analysis. The software security analysis was performed using automatic
auditing tools. An experimental environment was constructed to check if the findings were exploitable or not. Open source projects were used as reference to learn what patterns to search for. The results of the investigation show the differences in the automatic auditing tools used. Common types of security threats found in the product have been presented. Four different types of software security exploits have also been presented. The discussion
presents the effectiveness of the automatic tools for auditing software. A comparison between the security in the examined product and the open source project Apache is presented. Furthermore, the incorporation of the software security analysis into the development process, and the results and cost of the security analysis is discussed. Finally some conclusions were drawn.