пятница, 24 июня 2016 г.

PT Application Inspector provides several approaches to analysis of the source code written in different programming languages:
  • Search by signatures.
  • Exploring the properties of mathematical models derived from the static abstract interpretation of code.
  • Dynamic analysis of the deployed application and verification of the static analysis results.
This series of articles focuses on the structure and operation principles of the signature analysis module (PM, pattern matching). The key benefits of such an analyzer include high performance, simplicity of pattern description, and scalability across various languages. The disadvantage of this approach is that the module is not able to analyze complex vulnerabilities, which require developing high-level models of code execution.

The following requirements have been defined for the module under development:
  • Capability of working with multiple programming languages and the option to add new ones easily.
  • Functionality that allows analysis of the code containing syntactic and semantic errors.
  • Capability of describing patterns using a common programming language (DSL, domain specific language).
In this case, all the patterns describe flaws or vulnerabilities in the source code.