VULNERABILITY DETECTION IN MULTICOMPONENT SOFTWARE USING A SET OF GENERALIZED CODE GRAPH REPRESENTATIONS
G. S. Kubrin, D. P. Zegzhda
Peter the Great St. Petersburg Polytechnic University
Annotation: The paper presents a survey of existing software security analysis methods and their ability to detect vulnerabilities caused by errors in several software components implemented in different programming languages. A set of three generalized code graph representations is proposed for implementing software security analysis methods that take into account the interaction between components written in different programming languages. A software security analysis system architecture and a prototype of a system that uses the proposed generalized code graph representations were developed. The prototype supports analysis of software components written in PHP, C and .NET-based programming languages.
Keywords: software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, multicomponent software analysis
Pages 65-75