Network Security Software Code Scanning Tool

The scanning tool is naturally IBM AppScan

http://edu.aqniu.com/

http://www.nxadmin.com/tools/675.html

AppScan is one of the most widely used tools in the web application penetration testing arena. It is a desktop application that helps security professionals perform automated vulnerability assessments of web applications. This article focuses on configuring and using AppScan; analyzing scan results will be discussed in the next article.

Key features of AppScan:

AppScan 8.5 Standard has many new features, most of which will be covered in my summary below:

Flash support: AppScan added Flash support in the relatively early 8.0 version. It can explore and test applications based on Adobe's Flex framework, and also supports the AMF protocol.

Glass box testing: Glass box testing is a new feature introduced in AppScan. During this process, a proxy server is installed, which helps to find hidden URLs and other problems.

Web services scanning: Web services scanning is a scanning feature in AppScan with efficient automation support.

JavaScript security analysis: AppScan introduces JavaScript security analysis, which analyzes crawled HTML pages for vulnerabilities and allows users to focus on different client-side issues and DOM (Document Object Model) based XSS issues.

Reports: According to your requirements, reports can be generated in the required format.

Repair support: For identified vulnerabilities, the program provides relevant vulnerability descriptions and repair solutions.

Customizable scanning strategies: AppScan is equipped with a set of custom scanning strategies, and you can customize the scanning strategies to suit your needs.

Tool support: It includes tools such as an authentication tester, a token analyzer and an HTTP request editor, which are convenient for manual testing of vulnerabilities.

Ajax and Dojo framework support.

Now, let's move on to learn more about the process of installing Rational AppScan and scanning web applications with it.


--Nmap

NMap, also known as Network Mapper, is the earliest network scanning and sniffing toolkit under Linux.

It has three basic functions: one is to detect whether a group of hosts is online; another is to scan host ports and detect the network services they provide; the third is to infer the operating system used by the host. Nmap can be used to scan LANs with only two nodes, up to networks with more than 500 nodes. Nmap also allows users to customize scanning techniques. Usually, a simple ping operation using the ICMP protocol meets general needs; Nmap can also probe UDP or TCP ports in depth, down to the operating system used by the host, and it can record all probe results in logs of various formats for further analysis.
Do a ping scan, print out the hosts that responded to the scan, and do no further testing (such as port scans or OS probes):
nmap -sP 192.168.1.0/24
Only list every host on the specified network, without sending any packets to the target hosts:
nmap -sL 192.168.1.0/24
To detect the open ports of the target host, you can specify a comma-separated list of ports (such as -PS22,23,25,80):
nmap -PS 192.168.1.234
Use UDP ping to detect hosts:
nmap -PU 192.168.1.0/24
The most frequently used scan option is the SYN scan, also known as the half-open scan; it does not open a full TCP connection and executes very quickly:
nmap -sS 192.168.1.0/24
When SYN scan is not available, TCP Connect() scan is the default TCP scan:
nmap -sT 192.168.1.0/24
UDP scan uses the -sU option; it sends an empty (no data) UDP header to each target port:
nmap -sU 192.168.1.0/24
Determine which IP protocols the target supports (TCP, ICMP, IGMP, etc.):
nmap -sO 192.168.1.19
Probe the target's OS:
nmap -O 192.168.1.19
nmap -A 192.168.1.19
In addition, the examples from the official nmap documentation:
nmap -v scanme.
This scans all reserved TCP ports on the host scanme. The -v option enables verbose mode.
nmap -sS -O scanme./24
Performs a stealth SYN scan on 255 hosts on the "class C" network segment where the host Scanme is located, and also tries to determine the OS type of each host that is up. Because of the SYN scan and OS detection, this scan requires root privileges.
nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127
Performs host enumeration and a TCP scan; the targets are 255 8-bit subnets in the class B 198.116 network segment. This test is used to determine whether the systems are running sshd, DNS, imapd or a service on port 4564. If these ports are open, version detection is used to determine which application is running.
nmap -v -iR 100000 -P0 -p 80
Randomly selects 100000 hosts and scans them for a web server (port 80). Sending probe packets first to determine whether each host is up is very time consuming when only one port per host needs to be probed, so -P0 is used to disable host enumeration.
nmap -P0 -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20
Scans 4096 IP addresses for web servers (without pinging them) and saves the results in grepable and XML formats.
host -l | cut -d " " -f 4 | nmap -v -iL -
Do a DNS zone transfer to discover hosts and then feed the IP addresses to Nmap. The above command is for GNU/Linux; other systems have different commands for zone transfers.
Other options:
-p (only scan specified ports)
Single ports and port ranges denoted by hyphens (e.g. 1-1023) are both fine. When scanning both TCP and UDP ports, the protocol can be specified by prefixing the port number with T: or U:. Protocol qualifiers remain in effect until another is specified. For example, the parameter -p U:53,111,137,T:21-25,80,139,8080 will scan UDP ports 53, 111, and 137, as well as the listed TCP ports.
-F (fast (limited port) scan)
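
The port-80 example above saves its results with -oG. As an added example (not from the original article or the Nmap project), the following Python script parses grepable output and reports open services that are missing from an approved inventory. The sample scan lines, the 192.0.2.x addresses and the APPROVED inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -oG` output; addresses are documentation
# ranges (192.0.2.0/24), not real scan data. Fields are tab-separated.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -P0 -p80 -oG logs/pb-port80scan.gnmap 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///
Host: 192.0.2.2 (intranet.example)\tPorts: 80/closed/tcp//http///
Host: 192.0.2.3 ()\tPorts: 80/open/tcp//http///, 443/filtered/tcp//https///
Host: 192.0.2.4 ()\tPorts: 53/open/udp//domain///
# Nmap done: 8 IP addresses scanned
"""

HOST_RE = re.compile(r"^Host: (\S+) ")


def parse_gnmap(text):
    """Return {ip: {(port, proto), ...}} for every port reported as 'open'."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # '#' comment lines and blanks carry no host data
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue  # skip Status:, Ignored State:, OS: and similar fields
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    open_ports[match.group(1)].add((int(parts[0]), parts[2]))
    return dict(open_ports)


def unapproved(open_ports, approved):
    """Sorted (ip, port, proto) tuples that are open but not in the inventory."""
    return sorted(
        (ip, port, proto)
        for ip, ports in open_ports.items()
        for port, proto in ports
        if (port, proto) not in approved.get(ip, set())
    )


if __name__ == "__main__":
    APPROVED = {"192.0.2.1": {(80, "tcp")}}  # hypothetical approved inventory
    for ip, port, proto in unapproved(parse_gnmap(SAMPLE_GNMAP), APPROVED):
        print(f"unapproved service: {ip} {port}/{proto}")
```

Closed and filtered ports are ignored, so only services that actually answered are compared against the inventory.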





-- openvas http://www.openvas.org/

OpenVAS is an open vulnerability assessment system, or it can be said that it is a network scanner that includes related tools.


Its architecture is as follows:
Users need a way to automate testing and ensure that the most appropriate and up-to-date tests are being run. OpenVAS includes a central server and a graphical front end. This server allows users to run several different network vulnerability tests (written in the Nessus attack scripting language), and OpenVAS can update them frequently. All OpenVAS code conforms to the GPL specification.
Building the architecture
OpenVAS uses a client/server architecture, which consists of several components. On the server (Linux only), the user needs four packages:
OpenVAS-Server: implements basic scanning functions
OpenVAS-Plugins: a set of network vulnerability testing programs
OpenVAS-LibNASL and OpenVAS-Libraries: components required to implement server functions
On the client side (either Windows or Linux), the user only needs the OpenVAS client.


atlas--coverity's inspection of code focuses on code quality.

The Coverity static code detection tool is used. It's very powerful and exceeds my expectations. The main functions are as follows:

    List the code that will not be executed
    List the class member variables that are not initialized
    List the exceptions that are not caught
    List the return statements that do not give a return value
    List the places where a function has a return value but the caller does not use it
    List the new objects that have not been recycled
    List the handles that have not been closed
    Precisely locate the code line, and support expanding function calls layer by layer
    List possible overflows of numeric types. For example, the ++ operation on an unsigned int may result in an int overflow, which will be detected.
    Locate and flag the places where the & bit operation should be used and the | bit operation should not
    Detect when the format of an ostream has been modified in a function but the ostream is not restored to the previous format after exiting the function
    ...

--fortify focuses on security vulnerabilities in code.

Fortify SCA 2016 is software used specifically to check the security of software source code. The software is powerful and easy to operate.





findbugs code scanning
  FindBugs is a static analysis tool. It examines a class or JAR file, comparing the bytecode to a set of defect patterns for possible problems. With static analysis tools, software can be analyzed without actually running the program.

--checkstyle code duplication scanning


   Many open source tools can now standardize code review. The more popular ones are listed below with a brief introduction.

     PMD: a Java code inspection tool released under the BSD license, which can check whether Java code contains unused variables, empty catch blocks, unnecessary objects, etc.
     FindBugs: a static analysis tool that examines a class or JAR file, comparing the bytecode to a set of defect patterns to find possible problems.
     Checkstyle: a static analysis tool that checks Java program code.
     Cppcheck: a static defect checking tool for C/C++ code.
     PC-Lint: also a static code inspection tool, which checks C or C++.

      Currently, the center uses the Checkstyle tool. I personally think that PMD and Checkstyle are very similar, and both can be integrated into the Eclipse or MyEclipse development environment as plug-ins. The following is a detailed introduction to the use of Checkstyle in Eclipse. You are welcome to add to it.

1 Download and installation of Checkstyle

1.1 Download of Checkstyle

      Checkstyle can be downloaded from its official website http://checkstyle.sourceforge.net/. The official website also provides Checkstyle documentation, such as configuration files and code inspection items, which is rich in content and complete in coverage. You can refer to the information on the official website according to your own needs. After entering Checkstyle's official website, go to the Download page to download Checkstyle. At present, most development projects use the Eclipse or MyEclipse IDE, so I recommend downloading from http://en.sourceforge.jp/projects/sfnet_eclipse-cs/releases/, which has various versions of the Eclipse Checkstyle plug-in. In the following introduction, I use the net.sf.eclipsecs-updatesite_5.5.0.201111092104-bin.zip version of the Checkstyle plug-in.

1.2 Installation of Checkstyle

    The following installation process is based on Eclipse SDK-3.7.2.

(1) Open Eclipse and select install software in Help;

(2) Click add and select the Checkstyle installation package net.sf.eclipsecs-updatesite_5.5.0.201111092104-bin.zip;

(3) Click OK to go to the next step;

(4) Restart Eclipse.

Steps to confirm the successful installation:

Open Eclipse and select window->preferences; if Checkstyle appears in the left navigation bar, your installation is successful.


2 Checkstyle configuration

     Checkstyle provides two configuration files by default. One is Sun Checks, whose configuration file is sun_checks.xml, described as a "Checkstyle configuration that checks the sun coding conventions"; generally, the default setting of Checkstyle is the sun_checks.xml configuration file. The other is Sun Checks (Eclipse), whose configuration file is sun_checks_eclipse.xml, described as a "Slightly modified version of Sun Checks that better matches the default code formatter setting of Eclipse".

     Generally, the check items of Sun Checks are very strict. Our actual project does not require such perfect programming specifications, so we can define the check configuration file ourselves and then set Checkstyle's configuration file to our custom file. I will explain the setting of check items in the following chapters. First, let's take a look at how Checkstyle can be used quickly.

3 Quick Start of Checkstyle

   After installing Checkstyle, you can use it to check our code.

3.1 Use Checkstyle to check a single java file

   Select the file, right-click to select Checkstyle, and select Check Code with Checkstyle.



        At this point, look at the changes in the original file. A yellow exclamation mark (!) appears at each place that does not meet the specification; hover the mouse over the exclamation mark to see the information prompt. Alternatively, in the Console column, you can see the Checkstyle violations view, which also shows the information prompts.

     Selecting the Checkstyle violations chart view will compile statistics for each kind of violation and draw them as a chart, which is user-friendly enough, hahaha.



3.2 Use Checkstyle to check the entire project

    On the project name, right-click and select Checkstyle, and select Check Code with Checkstyle.


   To view the violations, use the same method as in Section 3.1.


  Checkstyle can also check the files of an entire package, or the files of a certain code segment. You can do this according to your needs, and I won't introduce them one by one.

4. Various check items of Checkstyle

      As mentioned earlier, users can customize the various check items. Here is an introduction to the commonly used check items in Checkstyle. In the fifth part, I will describe how to customize the inspection file according to the inspection needs.

      Due to space limitations, to keep everyone from getting too tired and to explain more thoroughly, I wrote up Checkstyle's check item configuration as a separate blog post. Interested readers can browse the article "Checkstyle's Check Item Configuration Details".


