Security. What does this word mean to you? Nowadays, companies spend a lot of effort to ensure that their products are protected from hacking and all sorts of information leaks. PVS-Studio decided to help its users in this direction and expand the analyzer's functionality in this area. Therefore, one of the main innovations of the upcoming release is a set of new analyzer capabilities for ensuring the safety and security of code. This article discusses them.
A few words about us in terms of safety and security
PVS-Studio (quality control ), (security) (safety). SAST-. SAST (Static Application Security Testing) – , . , , . , , .
, . . , . (, IDE ), , . PVS-Studio Static Application Security Testing, Q3 2020 Forrester Research – - . , SAST safety , .
, , . , , PVS-Studio:
OWASP ASVS The AUTOSAR C++14 Coding Guidelines. PVS-Studio . 50 !
SEI CERT. PVS-Studio.
Visual Studio, JetBrains Rider, IntelliJ IDEA , .
(OWASP, AUTOSAR) PlogConverter.
(OWASP, AUTOSAR) SonarQube . OWASP Top 10.
. , MISRA C:2012 MISRA C++:2008. 74 .
– CWE (Common Weakness Enumeration). , 514.
(OWASP AUTOSAR), . PVS-Studio 7.12 , . , , , . security safety PVS-Studio, MISRA C C++.
, : OWASP, AUTOSAR? .
The AUTOSAR C++14 Coding Guidelines — C++14, , . . , .
OWASP Application Security Verification Standard — , (), , , , , , .
, AUTOSAR, OWASP ASVS - . (C, C++, C#, Java). 5000 5999.
CERT. SEI CERT Coding Standard – C, C++, Java Perl. CERT (CERT Coordination Center, CERT/CC). PVS-Studio .
, CERT, . , (General Analysis). , , — CERT , . , OWASP ASVS AUTOSAR C++14 Coding Guidelines.
, MISRA C:2012 MISRA C++:2008. , – , ().
, , . , , 2021 .
. ? , ! IDE. Visual Studio ( 2010 2019), JetBrains Rider IntelliJ IDEA. , :
SAST, MISRA C:2012, MISRA C++:2008, The AUTOSAR C++14 Coding Guidelines, OWASP ASVS, SEI CERT Coding Standard .
MISRA. SAST. .
, , . Visual Studio 2019 :
Rider IntelliJ IDEA. Rider:
PlogConverter
, . , , OWASP AUTOSAR. , , – FullHtml. : , . .
, . , Total Warnings (OWASP), , :
SAST :
SonarQube
SonarQube. , , PVS-Studio, SonarQube. , , , .
, , OWASP, AUTOSAR . OWASP :
OWASP Top 10. OWASP Top 10 – -. , OWASP ASVS CWE, . , .
The OWASP Top 10 (2017 edition) consists of the following categories:
Injection;
Broken Authentication;
Sensitive Data Exposure;
XML External Entities (XXE);
Broken Access Control;
Security Misconfiguration;
Cross-Site Scripting (XSS);
Insecure Deserialization;
Using Components with Known Vulnerabilities;
Insufficient Logging and Monitoring.
SonarQube :
, CWE, . Security Category. , CWE:
, . OWASP ASVS AUTOSAR C++14 Coding Guidelines. SEI CERT. (Visual Studio, JetBrains Rider, IntelliJ IDEA) , . PlogConverter SonarQube (OWASP, AUTOSAR). , !
English version: Nikolay Mironov, Paul Eremeev. PVS-Studio 7.12 New Features for Finding Safety and Security Threats.