
IoT Penetration Testing Cookbook by Aditya Gupta, Aaron Guzman


How to do it...

Common Linux utilities are helpful for searching through C/C++ code files, although commercially available source code analysis tools do a much better job than common utilities at preventing memory corruption vulnerabilities, and they offer IDE plugins that developers can use. For demonstration purposes, the following steps show how to search through code files for a predefined list of vulnerable function calls and rules with grep as well as flawfinder.

  1. There are several methods for discovering unsafe C functions. The simplest is a grep expression similar to the following example:
$ grep -E '(strcpy|strcat|sprintf|strlen|memcpy|fopen|gets)' code.c
  

This expression can be ...
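The following is an added example, not taken from the book: it runs the step 1 expression next to a stricter variant, because the plain alternation matches substrings and so also flags `fgets` and identifiers such as `targets`. The function names and the sample C file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Function names and the sample
# file contents are constructed for illustration.

# Same function list as the grep expression in step 1.
UNSAFE_FUNCS='strcpy|strcat|sprintf|strlen|memcpy|fopen|gets'

# Loose scan: the step 1 expression plus -n for line numbers.
# It matches substrings, so fgets() and 'targets' are reported too.
scan_loose() {
    grep -nE "($UNSAFE_FUNCS)" "$1"
}

# Strict scan: the name must not be preceded by an identifier
# character and must be followed by '(' (optional whitespace between).
scan_calls() {
    grep -nE "(^|[^[:alnum:]_])($UNSAFE_FUNCS)[[:space:]]*\(" "$1"
}

# Write a small constructed C file to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>
int targets = 3;                     /* constructed: 'gets' inside an identifier */
void f(char *dst, const char *src) {
    char line[64];
    fgets(line, sizeof line, stdin); /* bounded read */
    strcpy(dst, src);                /* unbounded copy */
    gets(line);                      /* unbounded read */
}
EOF
}

# Demo: show what each scan reports for the sample file.
sample=$(mktemp)
write_sample "$sample"
echo "loose scan:";  scan_loose "$sample"
echo "strict scan:"; scan_calls "$sample"
rm -f "$sample"
```

The strict pattern still reports call-like text inside comments and string literals, so its hits are a starting list for manual review rather than confirmed findings.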
