Project 2: Code Review Tools
A. This project requires you to use two different secure static analysis tools to scan a C++ file. The first tool is called FlawFinder and the second one is called VisualCOdeGrepper. Before starting the project, please watch video at https://www.youtube.com/watch?v=OVWHpyjqBkI
B. Next, if you have not done so, please download c.s.ubuntu from http://ccd.ncat.edu/YuanCSUbuntuNew.zip, unzip the file into a folder using the free “7-zip” software. You will need VMPlayer (version 12.x.x) to run the virtual machine. VMPlayer can be downloaded free online. Once you downloaded VMplayer, you can double click the C.S ubuntu.vmx file under the C.S. ubuntu directory. The c.s.ubuntu password is “qwerty”.
C. FlawFinder are already installed in that virtual machine. You just need Flawfinder using command line.
a. For information on how to run FlawFinder, refer to: http://www.dwheeler.com/flawfinder/
D. Next download VisualCodeGrepper from https://sourceforge.net/projects/visualcodegrepp/. Select the Windows version.
a. Once downloaded, install the software to your host machine.
b. Read the README.txt on starting the tool and scanning a file or folder of files.
E. Use the given VulnerableC++ file as input, Run VisualCodeGrepper and FlawFinder to scan for security vulnerabilities.
F. Analyze and compare the results of VisualCodeGrepper and FlawFinder on VulnerableC++ code you run.
a. Compare the severity of similar vulnerabilities found by both tools
b. Discuss similar and different vulnerabilities reported by the tools. Discuss false positive results.
G. Modify the program according to the results of VisualCodeGrepper, run VisualCodeGrepper to see whether the complaints no longer exist.
Modify the program according to the results of FlawFinder, run FlawFinder to see whether the complaints no longer exist.
H. For the modified VulnerableC++ based on VisualCodeGrepper, run it in FlawFinder, and see the results.
For the modified Vulnerable C++ based on FlawFinder, run it in VisualCodeGrepper, and see the results.
You will submit a word document with:
1) The screenshots of execution results of step E. The screenshot should have a caption, and description. The screenshot should include the timestamp of the computer.
2) Your analysis and comparison description of step F.
3) For step G, listing of the corrected program, and screenshots of the results of running VisualCodeGrepper and Flawfinder with the corrected program.
4) For step H, screenshots of the results of running VisualCodeGrepper and Flawfinder with the corrected program. Briefly discuss the results.
5) List the functions you corrected, and how you corrected it. For more information on Code Review Tools check out : https://www.britannica.com/technology/software
Plagiarism Free Papers
Thehomeworkwritings.com’s team of writers write all papers from scratch. We deliver 100% original, unique papers. That’s what makes us the best custom homework writing service
We provide unlimited free revisions to all customers and on all papers. Try The Homework Writings today for the best custom homework writing service and experience in the industry.
Thehomeworkwritings.com gives clients title pages free of charge. Your only job is to fill out our order form. We will handle the rest.
As the leading essay writing service, we never submit any paper without a reference/bibliography page. We do this free of charge too.
Originality & Security
At Thehomeworkwritings.com, we take great pride in delivering only high-quality 100% original papers to all our clients. We also never share any of our clients’ information with third parties. Your data is safe with us.
24/7 Customer Support
No other custom homework writing service has a friendly, always available customer support team to respond to clients like us.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
Why outsource our services
We have the best customer support team for your essay writing needs.
You won’t find any other custom homework writing service with pricing as flexible and affordable as ours.
Admission help & Client-Writer Contact
We provide a direct line of communication with our writers for the best writing experience.
As the leading custom homework writing service, we take deadlines very seriously. You will have your paper submitted on time without any delays.
We truly value your feedback, good or bad, and always use your feedback to help us provide you with an even better custom homework writing service