McCabe Software                                                                  

Compare Complexity Metrics with Known Vulnerable Code to Identify Additional Vulnerable Code

Use McCabe IQ to compare code metrics and graphs to identify whether modules exist that are similar to code containing security vulnerabilities.

An organization or project may be aware of a set of modules that have been found to have security vulnerabilities, which might have been identified:

  • in their own organization's projects, or 
  • from such code known to the industry (some available from McCabe).

We recommend using McCabe IQ's comparison feature (from the Battlemap GUI or the command line) to compare those known-vulnerable modules with all code in your projects, to identify similar modules (in terms of graphs, metrics, call names, etc.) that may contain the same vulnerabilities. In this way you can unravel exploitable code by comparable algorithmic patterns, signatures, and derivations, using widely adopted industry source code metrics.

Such similar modules might have been duplicated/cloned or plagiarized, and have the same security flaw as the known code; or they may have been copied and pasted, then modified slightly so that they contain a security flaw that the original code did not. The security analyst should review the list of similar modules to determine whether they have similar or additional security problems relative to the modules with the known vulnerabilities.
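The comparison described above can be sketched in a few lines. This is an added example, not McCabe IQ's algorithm or output: it profiles Python functions by cyclomatic complexity and called names and lists project functions that resemble a known-vulnerable one. The scoring formula, the 0.8 threshold and all function and sample names are assumptions.

```python
import ast
DECISIONS = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.comprehension)

def profile(func):
    """Return (cyclomatic complexity, set of called names) for one function node."""
    vg, calls = 1, set()
    for node in ast.walk(func):
        if isinstance(node, DECISIONS):
            vg += 1                              # one extra path per decision
        elif isinstance(node, ast.BoolOp):
            vg += len(node.values) - 1           # each and/or adds a branch
        elif isinstance(node, ast.Call):
            calls.add(getattr(node.func, "attr", None) or getattr(node.func, "id", "?"))
    return vg, calls

def profiles(source):
    return {n.name: profile(n) for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)}

def similarity(a, b):
    """Assumed score: mean of complexity ratio and Jaccard overlap of call names."""
    (vg_a, calls_a), (vg_b, calls_b) = a, b
    union = calls_a | calls_b
    jaccard = len(calls_a & calls_b) / len(union) if union else 1.0
    return round((min(vg_a, vg_b) / max(vg_a, vg_b) + jaccard) / 2, 2)

def find_similar(known_src, project_src, threshold=0.8):
    known, project = profiles(known_src), profiles(project_src)
    hits = [(p, k, similarity(known[k], project[p])) for k in known for p in project]
    return sorted((h for h in hits if h[2] >= threshold), key=lambda h: -h[2])

# Constructed samples: a known-vulnerable module, then project code with a renamed clone.
KNOWN_VULNERABLE = '''
def export_report(name, rows):
    if not rows: return None
    for r in rows:
        log(r)
    return os.system("tar czf " + name + ".tgz out/")
'''
PROJECT = '''
def backup_logs(target, entries):
    if not entries: return None
    for e in entries:
        log(e)
    return os.system("tar czf " + target + ".tgz logs/")
def total(values):
    return sum(v for v in values)
'''
if __name__ == "__main__":
    print(find_similar(KNOWN_VULNERABLE, PROJECT))
```

A hit only nominates a module for review; the analyst still has to confirm whether the flaw is actually present in it.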
