HackerTop - View topic - Static code security scanner & analyser(Cobra)
 Static code security scanner & analyser(Cobra) 
Joined: Sun Jul 24, 2016 12:11 pm
Posts: 12
Project:

Cobra is a static code security analysis tool; its goal is to find security risks or vulnerabilities that exist in source code.

Application scenarios
1. Before a vulnerability appears (detection)
We comb through common vulnerabilities on the Internet and turn them into Cobra detection rules, so that risks are scanned for and resolved before white hats find the vulnerability, nipping them in the bud.
Example: detecting high-risk files (.tar.gz/.rar/.bak/.swp) in the code early prevents those files from being downloaded.
2. When a vulnerability appears (scan)
When the enterprise receives a vulnerability submitted by a white hat, it fixes the vulnerability immediately, and it can add a scan rule so that Cobra checks whether any project has a similar vulnerability.
Case: when the ImageMagick vulnerabilities emerged, a Cobra rule could be set up to quickly scan all historical projects. Within a few minutes, the enterprise can know which of its dozens of projects use ImageMagick components, which are vulnerable, and which are immune.
3. After a vulnerability appears (limit)
After the enterprise fixes a vulnerability, it can set repair/validation rules requiring that all subsequently submitted code satisfy them, otherwise the code cannot go live, reducing the possibility of the same vulnerability recurring.

view pic 1: MANUAL.png

view pic 2: REPORT.png

view pic 3: MANAGE.png

Refer:

Homepage: http://wufeifei.github.io/cobra

Documents: https://github.com/wufeifei/cobra/wiki

Code: https://github.com/wufeifei/cobra


Mon Aug 08, 2016 11:37 am
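
The high-risk file check described in the first post, as an added Python example that is not part of the original post and is not Cobra's own code or rule format. The function names, the skipped directories and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions named in the post; matched case-insensitively as filename suffixes.
HIGH_RISK_SUFFIXES = (".tar.gz", ".rar", ".bak", ".swp")
# Assumption: version-control metadata directories are not scanned.
SKIP_DIRS = {".git", ".svn", ".hg"}


def find_high_risk_files(root):
    """Return sorted relative paths under root whose names end in a high-risk suffix."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name.lower().endswith(HIGH_RISK_SUFFIXES):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Create a small constructed project tree for the demonstration."""
    files = [
        "index.php",
        "config.php.bak",         # backup copy of a config file
        "backup/site.TAR.GZ",     # archive of the whole site, upper-case suffix
        "lib/.db.php.swp",        # vim swap file
        "docs/readme.md",
        ".git/objects/pack.bak",  # inside a skipped directory
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


def demo():
    """Scan the constructed tree and return the flagged paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_high_risk_files(root)


if __name__ == "__main__":
    for hit in demo():
        print("HIGH-RISK FILE:", hit)
```

Run before deployment, a non-empty result can be used to block the release, which corresponds to the "limit" scenario in the post.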

Joined: Fri Aug 05, 2016 2:53 pm
Posts: 9
Great!

For code audit, it's useful!

8-) 8-)


Mon Aug 08, 2016 1:45 pm