• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

SCARE – Source Code Analysis Risk Evaluation Tool

February 29, 2008

Views: 5,763

[ad]

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do a static analysis for known limitations like vulnerabilities. However it will flag code for a particular interaction type or control and allow the developer to understand which Operational Security (OpSec) holes are not protected even if it can’t say the effectiveness of that protection at this time.

This computation will provide a final SCARE value, like the RAV, where 100% is the proper balance between controls to OpSec holes and no Limitations. Conversely, less than that shows an imbalance where too few Controls protect OpSec holes or Limitations in OpSec and Controls degrade the security.

The SCARE analysis tool is run against source code. Currently only C code is supported. The output file will contain all operational interactions possible which need controls (the current version does not yet say if and what controls are already there). At the bottom of the list are three numbers: Visibilities, Access, and Trusts. These 3 numbers can be plugged into the RAV Calculation spreadsheet available at http://www.isecom.org/ravs. The Delta value is then subtracted from 100 to give the SCARE percentage which indicates the complexity for securing this particular application. The lower the value, the worse the SCARE.

At this stage, the tool cannot yet tell which interactions have controls already or if those controls are applicable however once that is available it will change the RAV but not the SCARE. The SCARE will also not yet tell you where the bugs are in the code however if you are bug hunting, it will extract all the places where user inputs and trusts with user-accessible resources can be found in the code.

Currently, SCARE is designed to work for any programming language. While this methodology shows the C language, they need input and feedback from developers of other languages to expand this further.

If you are interested in helping with this project please contact ISECOM.

You can download SCARE here:

scare_analyst.zip

Or you can read more here.

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Countermeasures, Exploits/Vulnerabilities, Secure Coding Tagged With: code auditing tool, code-auditing, exploits, Programming, software-security, source code auditing, vulnerability



Reader Interactions

Comments

  1. Pantagruel says

    February 29, 2008 at 10:54 pm

    Mmm interresting piece of kit, eventhough it says little about the exploitability of our qritten code, it does point out the bit’s of ugly code which could potentially lead to a problem. I know my code it rotten and bug ridden (hence I do not distribute a single line), but this would seriously help me asses the weak spots of my code and point me into a direction of ‘perfecting’ it.

  2. eM3rC says

    March 1, 2008 at 3:21 am

    Very cool idea.

    I know there will always be bugs regardless of what you do, but this would be a nice little addition to add to coding just for that little bit of extra insight into your code. I could see this being particularly useful for people new to the programming business or people looking for a little feedback (although its only C).

    Thanks for this Darknet, although I’m probably not gonna use it someone should find it to be pretty useful.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,857)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,351)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,358)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,680)
  • Password List Download Best Word List – Most Common Passwords (931,841)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,473)
  • Hack Tools/Exploits (672,590)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,857)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy