
CodeSonar for Binaries

SAST when Safety and Security Matter

Manage Software Supply Chain Risk


Critical applications are often delivered as binary executables or loadable libraries, either commercial off-the-shelf or built by a third party. Many of them run on embedded devices that control airplanes, cars, power plants and medical equipment, so the cyber security teams responsible for those systems need to understand the risk that ships inside code they cannot read. GrammaTech has been a leader in this field for over 15 years with CodeSonar, which examines native binary applications and firmware and performs static application security testing (SAST) on them to find previously unknown weaknesses and vulnerabilities.


From a TAG Cyber analyst perspective, this suite of tools looks absolutely first-rate. It includes modern DevOps-consistent features with an unequaled foundational base derived from world-class research.

Find Vulnerabilities In Third Party Binary Code

GrammaTech’s binary code static analysis technology does not rely on debug or symbol-table information, so it can examine the stripped binary executables that third-party software vendors typically ship. This lets CodeSonar perform a security audit on software without any cooperation from the vendor.

Abstract Interpretation

GrammaTech SAST tools use abstract interpretation to statically examine all paths through the application and track the possible values of variables and how they affect program state, without executing the code. The same technique is what gives CodeSonar for Java the highest scores in vulnerability benchmarks.
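As an added illustration of the idea behind the paragraph above (example code written for this page, not GrammaTech's code and not how CodeSonar is implemented), the following Python sketch performs abstract interpretation in the interval domain over a tiny constructed three-address IR. Each variable is tracked as a range rather than a concrete value, both sides of every branch are analysed under the refined condition and then joined, and a buffer access whose index range escapes the buffer is reported. The instruction names, the `buf`/`i`/`j` variables and the four sample programs are all constructed for the example.

```python
"""Interval-domain abstract interpretation over a tiny three-address IR.

Variables are tracked as intervals [lo, hi]; both sides of a branch are
analysed under the refined condition and joined, so every path is covered
without enumerating paths. An index interval not inside [0, size-1] is flagged.
The IR and samples are constructed for this example, not CodeSonar's internals.
"""
from dataclasses import dataclass
from math import inf
from typing import Optional


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def join(self, o):  # least upper bound: smallest interval covering both
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))

    def meet(self, o):  # intersection; None means the path is infeasible
        lo, hi = max(self.lo, o.lo), min(self.hi, o.hi)
        return Interval(lo, hi) if lo <= hi else None


TOP = Interval(-inf, inf)  # unknown value, e.g. untrusted input
NEGATE = {"<": ">=", ">=": "<", "<=": ">", ">": "<="}


def refine(state: dict, var: str, op: str, n: int) -> Optional[dict]:
    """Narrow `var` under the branch condition `var op n`; None if infeasible."""
    bound = {"<": Interval(-inf, n - 1), ">=": Interval(n, inf),
             "<=": Interval(-inf, n), ">": Interval(n + 1, inf)}[op]
    narrowed = state.get(var, TOP).meet(bound)
    return None if narrowed is None else {**state, var: narrowed}


def join_states(a: Optional[dict], b: Optional[dict]) -> Optional[dict]:
    if a is None or b is None:
        return a if b is None else b
    return {v: a.get(v, TOP).join(b.get(v, TOP)) for v in set(a) | set(b)}


def analyze(program: list, state: Optional[dict] = None, warnings=None):
    """Abstractly execute `program`; return (final state, warning strings).

    Instructions: ("input", dst) | ("addi", dst, src, n)  # dst = src + n
      | ("if", var, op, n, then_prog, else_prog) | ("index", buf, size, var)
    """
    state = dict(state or {})
    warnings = [] if warnings is None else warnings
    for ins in program:
        kind = ins[0]
        if kind == "input":
            state[ins[1]] = TOP
        elif kind == "addi":
            src = state[ins[2]]
            state[ins[1]] = Interval(src.lo + ins[3], src.hi + ins[3])
        elif kind == "if":
            _, var, op, n, then_prog, else_prog = ins
            outs = []
            for prog, cond_op in ((then_prog, op), (else_prog, NEGATE[op])):
                entry = refine(state, var, cond_op, n)
                outs.append(None if entry is None
                            else analyze(prog, entry, warnings)[0])
            state = join_states(*outs) or {}
        elif kind == "index":
            _, buf, size, var = ins
            iv = state.get(var, TOP)
            if iv.lo < 0:
                warnings.append(f"{buf}[{var}] index as low as {iv.lo}: possible underrun")
            if iv.hi > size - 1:
                warnings.append(f"{buf}[{var}] index as high as {iv.hi}: possible overrun ({size} cells)")
        else:
            raise ValueError(f"unknown instruction {kind}")
    return state, warnings


def report(program: list) -> list:
    """Return only the warnings for `program`."""
    return analyze(program)[1]


# Constructed samples: one untrusted index under progressively better checks.
BUF = 16
ACCESS = [("index", "buf", BUF, "i")]
UNCHECKED = [("input", "i")] + ACCESS
UPPER_ONLY = [("input", "i"), ("if", "i", "<", BUF, ACCESS, [])]
CHECKED = [("input", "i"),
           ("if", "i", ">=", 0, [("if", "i", "<", BUF, ACCESS, [])], [])]
# i is fully checked, but j = i + 1 is what indexes the buffer: j may be 16.
SHIFTED = [("input", "i"),
           ("if", "i", ">=", 0, [("if", "i", "<", BUF,
               [("addi", "j", "i", 1), ("index", "buf", BUF, "j")], [])], [])]

if __name__ == "__main__":
    for name, prog in [("unchecked", UNCHECKED), ("upper-only", UPPER_ONLY),
                       ("checked", CHECKED), ("shifted", SHIFTED)]:
        print(f"{name:10s}", report(prog) or "clean")
```

The interesting cases are the middle two: an upper-bound-only check leaves a negative index reachable (underrun), and a correct check on `i` followed by an access through `i + 1` is still an overrun, which the interval arithmetic exposes without running the program. A production analyser adds widening for loops, a richer domain for pointers and memory, and inter-procedural summaries, but the join-and-refine structure is the same.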

Code Understanding

Finding vulnerabilities is not sufficient; the developer also needs to understand how each reported problem fits into the wider application. CodeSonar provides comprehensive code understanding capabilities that help developers grasp issues rapidly. Learn about problems in code you didn't write, including: Buffer Overruns / Underruns, Command Injection Vulnerabilities, Deadlocks, Divisions By Zero, Double Frees, File System Race Conditions, Frees of Non-Heap Variables, Frees of Null Pointers, High Risk Loops, Integer Overflows, Null Pointer Dereferences, Resource Leaks, Shift Amounts Exceeding Width, SQL Injection Vulnerabilities, Unreasonable Size Arguments, Uses After Close/Free, Unsafe Format Strings, and more.


Performing a Security Audit with CodeSonar

1. Mixed Mode and Decompiler

Analyze applications that combine C/C++ source with linked object files or libraries, following code paths that cross the source-to-binary boundary.

2. Path Visualization

Shaded background and annotations explain the defect path.

3. Call Tree Visualization

Shows how a function fits into the larger application.

Instruction Set Architecture Support

CodeSonar for Binaries supports Intel, ARM and Power architecture binaries, with or without debug information. It handles stripped binaries as well as binaries produced by optimizing compilers.

Eliminating Vulnerabilities in Third-Party Binary Code with Binary Analysis Tools

Book an Evaluation

The best way to try a SAST solution is to run it on your own codebase and review the warnings it issues. Book an Evaluation and learn how GrammaTech technology can rapidly improve your software development capability.

System Requirements

Host: Windows, Linux
Hardware: 2+ cores, 2+ GB of RAM, 15+ GB of disk
ISAs: Intel, ARM, Power