CodeSonar® Binary Code Analysis
CodeSonar offers the first and only commercially available binary code analysis product on the market.
When you don't have access to source code, use CodeSonar's binary analysis technology to find bugs and vulnerabilities in binary executables and in third-party libraries that are delivered to you only in binary form.
Unlike binary code analysis services that require you to upload your code for analysis, CodeSonar can be deployed on-site, so customers keep their binaries on their own infrastructure. Binary code analysis is available in CodeSonar in two forms: as a standalone analysis tool and integrated with CodeSonar's source code engine.
Find Defects in Third-Party Code
According to VDC Research, much of the software that runs embedded devices is now developed by external sources rather than by in-house development teams. Some of it is open source, but for third-party commercial software the source is often unavailable.
Because GrammaTech's binary analysis technology does not rely on debugging or symbol-table information, it can examine the stripped binary executables that third-party software vendors typically ship. This lets you perform a security audit of the software without any cooperation from the vendor.
In CodeSonar's Mixed Mode, the binary code analysis technology is integrated with the source code analysis technology, so you can analyze third-party libraries at the same time as your own code. Analyzing application source code together with binary code also lets CodeSonar understand how the application interacts with the libraries, which yields more true positives and fewer false positives.
Find and Fix Bugs You Care About
Machine code is complicated, subtle, and difficult to read, so finding flaws in it is time-consuming without help from an automated tool. CodeSonar helps engineers who may not know all of the subtle details of machine code by providing plain-English explanations of what is happening in the code at the point of a detected error.
Paired with CodeSonar's code visualization features, this gives you a clear view of where vulnerabilities exist in your code. With multiple viewing options for visualizing metrics, defects, and sources of input data, you can quickly gain a high-level understanding of what the code looks like.
Learn about problems with the code you didn't write.
- Buffer Overruns / Underruns
- Command Injection Vulnerabilities
- Divisions By Zero
- Double Frees
- File System Race Conditions
- Frees of Non-Heap Variables
- Frees of Null Pointers
- High Risk Loops
- Integer Overflows
- Null Pointer Dereferences
- Resource Leaks
- Shift Amounts Exceeding Width
- SQL Injection Vulnerabilities
- Unreasonable Size Arguments
- Uses After Close/Free
- Unsafe Format Strings
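The defect classes above are easier to recognize with a concrete instance of each. The following is an added example, not code from CodeSonar or GrammaTech: small C functions that exhibit an unreasonable size argument with integer overflow, a shift amount exceeding the width, an unsafe format string, and a use after free / double free, each paired with a hardened form. The file name `defects.c` and the function names are my own. Compile it with `cc -std=c11 -Wall -Wformat-security defects.c`; the compiler flags only the non-literal format string, and once you run `strip` on the result even that hint is gone, which is exactly the situation the page describes for vendor-shipped binaries.

```c
/* Added example (not CodeSonar's or GrammaTech's code): each *_unsafe
 * function shows one of the defect classes listed above, each *_checked
 * function the hardened form. Hypothetical file name: defects.c */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unreasonable size argument / integer overflow: count * elem_size wraps,
 * malloc returns a tiny buffer, and every later write is a buffer overrun. */
void *alloc_array_unsafe(size_t count, size_t elem_size) {
    return malloc(count * elem_size);            /* product wraps silently */
}

/* Predicate for the hardened version: does count * elem_size fit in size_t? */
bool size_mul_fits(size_t count, size_t elem_size) {
    return elem_size == 0 || count <= SIZE_MAX / elem_size;
}

/* Hardened: refuse the allocation instead of letting the size wrap. */
void *alloc_array_checked(size_t count, size_t elem_size) {
    if (count == 0 || elem_size == 0 || !size_mul_fits(count, elem_size)) {
        errno = EOVERFLOW;
        return NULL;
    }
    return malloc(count * elem_size);
}

/* Shift amount exceeds width: shifting a 32-bit value by 32 or more is
 * undefined behaviour; compilers and CPUs give different results. */
uint32_t shift_unsafe(uint32_t v, unsigned n) {
    return v << n;
}

/* Hardened: an out-of-range left shift of a fixed-width value is treated
 * as shifting every bit out, i.e. the result is 0. */
uint32_t shift_checked(uint32_t v, unsigned n) {
    return n < 32 ? v << n : 0;
}

/* Unsafe format string: attacker-controlled text becomes the format, so
 * "%x" leaks stack contents and "%n" writes to memory. */
int log_line_unsafe(char *out, size_t n, const char *user_text) {
    return snprintf(out, n, user_text);          /* format is not a literal */
}

/* Hardened: the format is a literal and user text is only ever an argument. */
int log_line_checked(char *out, size_t n, const char *user_text) {
    return snprintf(out, n, "%s", user_text);
}

/* Use after free / double free: the caller's pointer is left dangling. */
void release_unsafe(char **p) {
    free(*p);                                    /* *p still points at freed memory */
}

/* Hardened: null the caller's pointer, so a second release is a harmless
 * free(NULL) and a later dereference faults instead of corrupting the heap. */
void release_checked(char **p) {
    free(*p);
    *p = NULL;
}

int main(void) {
    char buf[64];
    log_line_checked(buf, sizeof buf, "%x%x");
    printf("format kept literal: %s\n", buf);
    printf("1u << 32 (checked): %u\n", shift_checked(1u, 32));
    printf("SIZE_MAX * 2 fits in size_t: %d\n", size_mul_fits(SIZE_MAX, 2));
    char *p = malloc(16);
    release_checked(&p);
    release_checked(&p);                         /* second release is safe */
    printf("pointer after double release: %p\n", (void *)p);
    return 0;
}
```

The `*_unsafe` variants compile cleanly apart from the format-string warning; a binary analyzer has to find them from the machine code alone, which is why the list above matters for third-party libraries you cannot rebuild.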
Eliminating Vulnerabilities in Third-Party Code with Binary Analysis
Over the last few years, third-party code has moved from a minor factor in software development to a dominant force in the industry. As a result, the behavior of significant parts of an application is hidden from most of today's popular code analysis tools, which need the source.
GrammaTech's CodeSonar, on the other hand, uses binary analysis to examine third-party code without access to its source. This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.