Question
Conduct an industry survey of commercially available automated tools for enforcing secure code development and choose one for analysis. Summarize its strengths and weaknesses. Be critical of the available tools. Select a tool that provides for a free demo version to download. Either use source code from another course, obtain a sample of code from the Internet, or develop code to use as the source for the tool. The amount of code should be on the order of 15-30 source statements. A larger sample is acceptable. Describe the results of applying the tool to the code. Your report should provide an objective assessment of a commercially available tool. Your report should be well-organized and provide references for all resources used.
Explanation / Answer
The various types of commercially available automated tools are as follows:
1) bugScout Tool
2) AppScan Source Tool
3) CxSAST Tool
4) Sentinel Source Tool
From the above tools I will be choosing "AppScan Source Tool", due to its following strengths:
i) IBM product with high performance.
ii) Can very quickly identify the vulnerabilities.
iii) Identification as well as fixing of bugs can be done.
iv) Tool available on various platforms.
v) Can work with mobile application code too.
Some weaknesses of the tool are as follows:
i) Sometimes not able to find configuration-related issues.
ii) This tool takes lots of internal RAM.
iii) Sometimes not able to find the correct vulnerabilities.
The results of applying the tool on the source code are as follows:
i) Easily detected 90% of the vulnerabilities.
ii) Provided various suggestions for fixing the vulnerabilities.
iii) Took less time in identifying the problems.
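To make the assignment concrete, here is an added example that is not part of the question, the answer, or any AppScan product: a toy static-analysis pass in Python that does what a commercial SAST tool does at the smallest scale. It walks the abstract syntax tree of a constructed 24-line sample (about the "15-30 source statements" the question asks for) and flags a handful of insecure calls, then computes a detection rate against the issues planted in the sample. The sample, the rule names and the `PLANTED_LINES` list are all constructed for this demonstration. One planted issue (an `eval` reached through an alias) is deliberately left for the checker to miss, because a purely syntactic matcher has no data flow, which is exactly the kind of gap behind the "sometimes not able to find the correct vulnerabilities" weakness noted in the answer.

```python
"""Toy AST-based checker illustrating what a SAST tool reports on a small sample.

Added example for illustration only; not AppScan Source or any vendor's code.
"""
import ast
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample program (24 lines). Comments mark the planted issues.
SAMPLE_SOURCE = '''\
import pickle
import subprocess
import hashlib

def load_settings(path):
    with open(path, "rb") as fh:
        return pickle.loads(fh.read())          # planted: untrusted deserialization

def run_report(name):
    cmd = "report --name " + name
    return subprocess.run(cmd, shell=True)      # planted: shell=True on a built string

def compute(expr):
    return eval(expr)                           # planted: eval on caller input

def store_password(pw):
    return hashlib.md5(pw.encode()).hexdigest() # planted: weak hash for a credential

def compute_hidden(expr):
    runner = eval
    return runner(expr)                         # planted: eval via alias (checker misses it)

def safe_sum(values):
    return sum(int(v) for v in values)          # benign
'''

# Line numbers of the planted issues in SAMPLE_SOURCE (constructed ground truth).
PLANTED_LINES = (7, 11, 14, 17, 21)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Return 'pkg.attr' for Name/Attribute chains such as subprocess.run, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class InsecureCallVisitor(ast.NodeVisitor):
    """Flags a few well-known risky calls by their spelled-out name only (no data flow)."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted_name(node.func)
        if name in ("eval", "exec"):
            self.findings.append(Finding("dangerous-eval", node.lineno, f"{name}() on dynamic input"))
        elif name in ("pickle.loads", "pickle.load"):
            self.findings.append(Finding("unsafe-deserialization", node.lineno, f"{name}() on untrusted bytes"))
        elif name and name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            self.findings.append(Finding("shell-injection-risk", node.lineno, f"{name}(..., shell=True)"))
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self.findings.append(Finding("weak-hash", node.lineno, f"{name}() is not suitable for credentials"))
        # Keep walking so nested calls (e.g. hashlib.md5(...).hexdigest()) are inspected too.
        self.generic_visit(node)


def scan(source: str) -> List[Finding]:
    """Parse the source and return findings sorted by line number."""
    tree = ast.parse(source)
    visitor = InsecureCallVisitor()
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: f.line)


def detection_rate(findings: Sequence[Finding], planted_lines: Sequence[int]) -> float:
    """Fraction of planted issue lines that the checker reported (recall against ground truth)."""
    reported = {f.line for f in findings}
    hits = reported & set(planted_lines)
    return len(hits) / len(planted_lines)


if __name__ == "__main__":
    results = scan(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f.line:>2}  {f.rule:<24} {f.detail}")
    print(f"detection rate: {detection_rate(results, PLANTED_LINES):.0%}")
```

Running the block reports four of the five planted issues (80% recall) and stays silent on the aliased `eval` at line 21. That single miss is the point to write up in a report like the one the question asks for: a tool's "90% detected" figure only means something once you know which class of issue made up the remaining 10%, and whether a name-matching rule or a real data-flow analysis produced the number.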