Outreachy Blog-Post #3: My Outreachy Project


Outreachy Week 5 Blog Post.


Suricata Hardening: Work on finding and fixing bugs in Suricata using code analyzing tools.

I am interning with the Open Information Security Foundation on the project "Suricata Hardening: Work on finding and fixing bugs in Suricata using code analyzing tools."

Suricata, an IDS (Intrusion Detection System), helps security analysts detect and identify potential security threats and anomalous traffic. Like any other program, it needs to be debugged and analysed for bugs and code quality.

This analysis can be done with static analysis or dynamic analysis.

Static analysis, also known as Static Application Security Testing (SAST), is a method of examining a program's source code in order to detect bad coding style, potential vulnerabilities, and security flaws without actually running the software.

Dynamic code analysis, also known as Dynamic Application Security Testing (DAST), is designed to test running software for potentially exploitable vulnerabilities. DAST tools identify both compile-time and runtime vulnerabilities, such as configuration errors that only appear within a realistic execution environment.

For now, I have only been analysing the software statically with CodeQL, a static code analysis tool developed by GitHub that discovers vulnerabilities and bad coding style across a codebase. CodeQL lets us query code as though it were data: the source is compiled into a CodeQL database, and CodeQL ships with a large set of ready-made queries that can be run against that database to find vulnerabilities and bad coding styles.
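To illustrate what "querying code as data" looks like in practice, here is a small CodeQL query for C code, written as an added example for this post rather than taken from Suricata's own CodeQL setup; the query id and metadata are assumed. It flags calls to C library functions that write into a destination buffer without taking a length bound, the kind of bad coding style a hardening effort would want to review.

```ql
/**
 * @name Call to an unbounded string copy function
 * @description Finds calls to C library functions that write into a
 *              destination buffer without a length argument, which is a
 *              common source of buffer overflows. (Example query; the
 *              id below is assumed, not a query shipped with CodeQL.)
 * @kind problem
 * @problem.severity warning
 * @id example/unbounded-string-copy
 */

import cpp

/** Holds if `f` is a C library function with no length bound on its destination buffer. */
predicate isUnboundedCopy(Function f) {
  f.hasGlobalName(["strcpy", "strcat", "sprintf", "gets"])
}

from FunctionCall call, Function target
where
  target = call.getTarget() and
  isUnboundedCopy(target)
select call,
  "Call to " + target.getName() + " in " + call.getEnclosingFunction().getName() +
    " writes to a buffer without a length bound; prefer a bounded alternative."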

CodeQL can also be used to automate these security and code-quality checks by integrating it into DevOps/DevSecOps CI pipelines.