CodeSonar® Binary Code Analysis

CodeSonar offers the first and only commercially-available binary code analysis product on the market.

When you don't have access to source code, use CodeSonar's groundbreaking binary analysis technology to find bugs and vulnerabilities in binary executables and third-party libraries delivered to you only in binary form.

Unlike other binary code analysis services that require uploading code in order to be analyzed, CodeSonar can be employed on-site, allowing customers to keep their software securely in their own hands. Binary code analysis is available in CodeSonar in two forms: as a standalone analysis tool and integrated with CodeSonar's source code engine.


Sources of Embedded Code

Find Defects in Third-Party Code

According to VDC Research, a large amount of software that runs embedded devices is now developed by external sources, not in-house development teams. Some of this is open-source, but for third-party commercial software, the source is often unavailable.

Because GrammaTech’s binary analysis technology doesn’t rely on debugging or symbol-table information, it can examine the stripped binary executables that third-party software vendors typically ship. With this capability, the technology enables you to perform a security audit on software without any cooperation from the vendor.

In CodeSonar's unique Mixed Mode, our binary code analysis technology is integrated with our source code analysis technology, allowing you to analyze third-party libraries at the same time as you analyze your own code. Analyzing application source code together with binary code also enables CodeSonar to understand how the application interacts with the libraries. This yields more true results and fewer false positives.


Find and Fix Bugs You Care About

Machine code is well known to be complicated, subtle, and difficult to understand, so finding flaws can be time-consuming without sufficient help from an automated tool. CodeSonar helps engineers who might not know all of the subtle details of machine code by providing English explanations about what’s happening in the code at the particular point of a detected error.

When paired with CodeSonar’s code visualization features, it also provides a unique advantage for understanding where vulnerabilities exist in your code. With multiple viewing options for visualizing metrics, defects, and sources of input data, you can quickly gain a high-level understanding of what the code looks like.

Learn about problems with the code you didn't write.

  • Buffer Overruns / Underruns
  • Command Injection Vulnerabilities
  • Deadlocks
  • Divisions By Zero
  • Double Frees
  • File System Race Conditions
  • Frees of Non-Heap Variables
  • Frees of Null Pointers
  • High Risk Loops
  • Integer Overflows
  • Null Pointer Dereferences
  • Resource Leaks
  • Shift Amounts Exceeding Width
  • SQL Injection Vulnerabilities
  • Unreasonable Size Arguments
  • Uses After Close/Free
  • Unsafe Format Strings

Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

More bugs found. More lives saved. More hacks prevented.
