modify an existing C code application that violates several C code rules and recommendations. Your task is to locate the issues, based on the readings for this course, identify the rule(s) or recommendation(s) being violated and then fix the code. You w

Week 5

Introduction

https://www.securecoding.cert.org/confluence/display/c/Introduction

Automatically Generated Code

https://www.securecoding.cert.org/confluence/display/c/Automatically+Generated+Code

Conformance Testing

https://www.securecoding.cert.org/confluence/display/c/Conformance+Testing

Deprecations

https://www.securecoding.cert.org/confluence/display/c/Deprecations

Development Process

https://www.securecoding.cert.org/confluence/display/c/Development+Process

Government Regulations

https://www.securecoding.cert.org/confluence/display/c/Government+Regulations

Risk Assessment

https://www.securecoding.cert.org/confluence/display/c/Risk+Assessment

Scope

https://www.securecoding.cert.org/confluence/display/c/Scope

System Qualities

https://www.securecoding.cert.org/confluence/display/c/System+Qualities

Taint Analysis

https://www.securecoding.cert.org/confluence/display/c/Taint+Analysis

Tool Selection and Validation

https://www.securecoding.cert.org/confluence/display/c/Tool+Selection+and+Validation

Usage

https://www.securecoding.cert.org/confluence/display/c/Usage

Vulnerability Metric

https://www.securecoding.cert.org/confluence/display/c/Vulnerability+Metric

Level 1 Rules - Read the following subheadings on this site

https://www.securecoding.cert.org/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory

EXP33-C. Do not read uninitialized memory

EXP34-C. Do not dereference null pointers

ARR38-C. Guarantee that library functions do not form invalid pointers

STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string

STR38-C. Do not confuse narrow and wide character strings and functions

MEM30-C. Do not access freed memory

MEM34-C. Only free memory allocated dynamically

FIO30-C. Exclude user input from format strings

FIO34-C. Distinguish between characters read from a file and EOF or WEOF

FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful

ENV32-C. All exit handlers must return normally

ENV33-C. Do not call system()

SIG30-C. Call only asynchronous-safe functions within signal handlers

ERR33-C. Detect and handle standard library errors

MSC32-C. Properly seed pseudorandom number generators

MSC33-C. Do not pass invalid data to the asctime() function
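The rules listed above are the kind the assignment code violates. As an added example (not part of the course page or of the CERT wiki) here is a small C program that shows compliant handling for STR31-C, EXP33-C, EXP34-C, FIO30-C, FIO34-C, FIO37-C and ERR33-C; the comment above each function names the rule and describes the noncompliant form it replaces. The function names and the constructed five-byte input are assumptions of the example, not code from the course.

```c
/* Added example, not from the course page: compliant versions of a few of the
 * Week 5 rules, with the noncompliant form described in the comment above
 * each function. Function names and the sample bytes are my own choices. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* STR31-C: copy src into dst only when the characters plus the terminating
 * null fit. Noncompliant form: strcpy(dst, src) with no length check.
 * Returns 0 on success, -1 when src does not fit (dst is left untouched). */
int copy_string(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)   /* EXP34-C: no null dereference */
        return -1;
    size_t len = strlen(src);
    if (len >= dstsz)                               /* need len + 1 bytes */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* FIO30-C: attacker-influenced text goes through a "%s" conversion and is
 * never used as the format string. Noncompliant form: snprintf(out, outsz, user).
 * ERR33-C: the snprintf() result is checked for error and truncation.
 * Returns 0 on success, -1 on error or truncation. */
int format_greeting(char *out, size_t outsz, const char *user)
{
    int n = snprintf(out, outsz, "Hello, %s!", user);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* FIO34-C: fgetc() returns an int so that EOF (-1) stays distinguishable
 * from the byte 0xFF. With `char c`, a 0xFF byte compares equal to EOF where
 * char is signed (loop stops early) and never equals EOF where char is
 * unsigned (loop never ends). Returns the byte count, or -1 on a read error. */
long count_bytes(FILE *f)
{
    long count = 0;   /* EXP33-C: initialized before first use */
    int c;
    while ((c = fgetc(f)) != EOF)
        count++;
    if (ferror(f))    /* ERR33-C: reaching EOF alone does not mean success */
        return -1;
    return count;
}

/* Constructed input: five bytes including 0xFF, written to a standard
 * tmpfile() so the example runs offline. Returns what count_bytes() reports. */
long count_constructed_bytes(void)
{
    static const unsigned char data[] = { 'a', 'b', 0xFF, '\n', 'c' };
    FILE *f = tmpfile();
    if (f == NULL)                                   /* EXP34-C / ERR33-C */
        return -1;
    if (fwrite(data, 1, sizeof data, f) != sizeof data) {
        fclose(f);
        return -1;
    }
    rewind(f);
    long n = count_bytes(f);
    if (fclose(f) == EOF)                            /* ERR33-C: fclose() can fail too */
        return -1;
    return n;
}

/* FIO37-C: a successful fgets() can return an empty string (the line starts
 * with a '\0' byte), so line[strlen(line) - 1] must not be used unguarded.
 * Removes a trailing newline if there is one; returns the new length. */
size_t chomp(char *line)
{
    size_t len = strlen(line);
    if (len > 0 && line[len - 1] == '\n') {
        line[len - 1] = '\0';
        len--;
    }
    return len;
}

int main(void)
{
    char buf[8];
    printf("copy 'abc' into 8 bytes: %d\n", copy_string(buf, sizeof buf, "abc"));
    printf("copy 'toolongstring': %d\n", copy_string(buf, sizeof buf, "toolongstring"));
    char out[32];
    if (format_greeting(out, sizeof out, "%x%x%n") == 0)
        printf("%s\n", out);   /* the conversions are printed literally, not interpreted */
    printf("bytes in constructed file: %ld\n", count_constructed_bytes());
    char line[] = "hello\n";
    printf("chomped length: %zu\n", chomp(line));
    return 0;
}
```

Compile with `gcc -std=c11 -Wall -Wextra` and run. The 0xFF byte in the constructed input is exactly the case that breaks a `char c` version of count_bytes(), and the "%x%x%n" argument is the kind of input FIO30-C is about: it reaches the output unchanged because it is passed as data, not as the format.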

Week 6

Level 1 Recommendations

https://www.securecoding.cert.org/confluence/display/c/PRE01-C.+Use+parentheses+within+macros+around+parameter+names

PRE01-C. Use parentheses within macros around parameter names

PRE02-C. Macro replacement lists should be parenthesized

PRE09-C. Do not replace secure functions with deprecated or obsolescent functions

PRE10-C. Wrap multistatement macros in a do-while loop

PRE11-C. Do not conclude macro definitions with a semicolon

DCL20-C. Explicitly specify void when a function accepts no arguments

EXP20-C. Perform explicit tests to determine success, true and false, and equality

INT17-C. Define integer constants in an implementation-independent manner

INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size

ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array

STR00-C. Represent characters using an appropriate type

STR02-C. Sanitize data passed to complex subsystems

STR06-C. Do not assume that strtok() leaves the parse string unchanged

STR07-C. Use the bounds-checking interfaces for string manipulation

MEM00-C. Allocate and free memory in the same module, at the same level of abstraction

FIO01-C. Be careful using functions that use file names for identification

FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()

FIO21-C. Do not create temporary files in shared directories

ENV01-C. Do not make assumptions about the size of an environment variable

SIG02-C. Avoid using signals to implement normal functionality
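As an added example for the recommendations listed above (not part of the course page or of the CERT wiki), the following C program shows compliant forms of PRE01-C, PRE02-C, PRE10-C, PRE11-C, DCL20-C, EXP20-C, INT18-C, ARR01-C, STR06-C and MEM00-C, each with a comment describing the noncompliant form it replaces. The macro and function names and the sample data are assumptions of the example.

```c
/* Added example, not from the course page: compliant forms of several of the
 * Week 6 recommendations. Macro and function names and the sample data are
 * my own choices. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* PRE01-C / PRE02-C: each parameter and the whole replacement list are
 * parenthesized. Noncompliant form: #define SQUARE(x) x * x, for which
 * SQUARE(a + b) expands to a + b * a + b. */
#define SQUARE(x) ((x) * (x))

/* PRE10-C / PRE11-C: a multi-statement macro is wrapped in do { } while (0)
 * and the definition does not end in a semicolon, so SWAP(...); is a single
 * statement and is legal as the body of an if that has an else. */
#define SWAP(a, b, tmp) do { (tmp) = (a); (a) = (b); (b) = (tmp); } while (0)

int square_of_sum(int a, int b)
{
    return SQUARE(a + b);   /* (2, 3) gives 25; the unparenthesized macro gives 11 */
}

/* Puts the first two elements in ascending order, using SWAP as an if-body
 * without braces, which only compiles because of the do-while wrapper.
 * Returns 1 if a swap happened, 0 if the pair was already in order. */
int sort_first_two(int *arr)
{
    int tmp;
    if (arr[0] > arr[1])
        SWAP(arr[0], arr[1], tmp);
    else
        return 0;
    return 1;
}

/* ARR01-C: sizeof applied to a pointer parameter yields the pointer size,
 * not the array size, so the element count is passed explicitly and the
 * caller computes it where the array is still an array. DCL20-C: prototypes
 * here list their parameters or say void rather than leaving () empty. */
size_t count_nonzero(const int *arr, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (arr[i] != 0)   /* EXP20-C: explicit comparison, not `if (arr[i])` */
            count++;
    }
    return count;
}

size_t count_nonzero_in_sample(void)
{
    int sample[] = { 1, 0, 3, 0, 5, 6 };   /* constructed input */
    return count_nonzero(sample, sizeof sample / sizeof sample[0]);
}

/* STR06-C: strtok() overwrites delimiters in the string it parses, so a
 * private copy is tokenized and the caller's string (possibly a read-only
 * literal) is left unchanged. MEM00-C: the copy is allocated and freed in
 * this same function. Returns the token count, or 0 if malloc() failed. */
size_t count_fields(const char *s, const char *delims)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return 0;
    memcpy(copy, s, n);
    size_t count = 0;
    for (char *tok = strtok(copy, delims); tok != NULL; tok = strtok(NULL, delims))
        count++;
    free(copy);
    return count;
}

/* INT18-C: the product is formed in uint64_t before it is compared with the
 * 32-bit limit; a 32-bit multiplication would wrap silently. Returns 1 and
 * stores the product when it fits in uint32_t, 0 otherwise. */
int product_fits_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    uint64_t p = (uint64_t)a * b;
    if (p > UINT32_MAX)
        return 0;
    *out = (uint32_t)p;
    return 1;
}

int main(void)
{
    int pair[] = { 5, 2 };
    uint32_t prod = 0;
    printf("square_of_sum(2, 3) = %d\n", square_of_sum(2, 3));
    int swapped = sort_first_two(pair);
    printf("sort_first_two swapped: %d, first element now %d\n", swapped, pair[0]);
    printf("nonzero elements in sample: %zu\n", count_nonzero_in_sample());
    printf("fields in /usr/local/bin: %zu\n", count_fields("/usr/local/bin", "/"));
    printf("100000 * 100000 fits in uint32_t: %d\n",
           product_fits_u32(100000u, 100000u, &prod));
    return 0;
}
```

Compile with `gcc -std=c11 -Wall -Wextra` and run. To see PRE01-C and PRE10-C fail, change SQUARE to the unparenthesized form (square_of_sum(2, 3) becomes 11) or drop the do-while from SWAP (sort_first_two() no longer compiles because the `else` has no matching `if`).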

Describe a Software Security Tool

Describe a software security tool you have used or are interested in using to help mitigate software vulnerabilities.

Provide the URL, the price, and the features. If possible, provide screenshots of the tool in use.

Pick a tool that has not been described by another student, or provide additional details not listed in the other student's post.