RATS – Rough Auditing Tool for Security

Your website & network are Hackable


RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, and potentially suggest remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. This tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.

Requirements


RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to specify –with-expat-lib and –with-expat-include options to configure so that it can find your installation of the library and header. Expat can be found here.

You can download RATS here:

Source Code: rats-2.4.tgz

Or read more here.


Posted in: Countermeasures, Exploits/Vulnerabilities, Programming, Security Software

, , , , , , , , , , , , ,

Recent in Countermeasures:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,083 views
- Password Hasher Firefox Extension - 117,768 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,722 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


One Response to RATS – Rough Auditing Tool for Security

  1. Mehera November 3, 2009 at 3:43 am #

    Thank you for the RATS download link. It does radically speed-up the time to look through all that code. Extremely informative site. Keep up the good work.