02 November 2009 | 12,754 views

RATS – Rough Auditing Tool for Security

Check For Vulnerabilities with Acunetix

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, and potentially suggest remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. This tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.

Requirements

RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to specify –with-expat-lib and –with-expat-include options to configure so that it can find your installation of the library and header. Expat can be found here.

You can download RATS here:

Source Code: rats-2.4.tgz

Or read more here.



Recent in Countermeasures:
- StegExpose – Steganalysis Tool For Detecting Steganography In Images
- Twitter Patents Technique To Detect Mobile Malware
- Passera – Generate A Unique Strong Password For Every Website

Related Posts:
- SpikeSource Spike PHP Security Audit Tool
- Graudit – Code Audit Tool Using Grep
- RIPS – Static Source Code Analysis For PHP Vulnerabilities

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,183 views
- Password Hasher Firefox Extension - 117,045 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,560 views

Low-cost VPS Hosting

One Response to “RATS – Rough Auditing Tool for Security”

  1. Mehera 3 November 2009 at 3:43 am Permalink

    Thank you for the RATS download link. It does radically speed-up the time to look through all that code. Extremely informative site. Keep up the good work.