Methods to find bugs
Static Analysis:
Reviewing the source code and binaries for security vulnerabilities without executing the code.
Tools: Coverity, Fortify, CodeSonar.
Dynamic Analysis:
Analyzing the behavior of the system during execution to identify vulnerabilities.
Tools: Valgrind, AFL (American Fuzzy Lop), QEMU.
Fuzz Testing:
Sending random or malformed data to the system to identify how it handles unexpected inputs.
Tools: Peach Fuzzer, AFL, Honggfuzz.
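To make the fuzz testing entry concrete, here is an added example (not from the original page and not taken from any of the listed tools): a minimal mutation fuzzer in Python that separates clean rejections from unhandled failures. The record format, the parser `parse_records` with its seeded defect, and the seed input are all constructed for this illustration.

```python
import random

# Constructed toy format: repeated records of [type:1][length:1][value:length].
SEED = b"\x01\x03abc\x02\x02hi"

def parse_records(data: bytes) -> list:
    """Toy parser under test. Malformed input should raise ValueError only."""
    records, i = [], 0
    while i < len(data):
        rtype = data[i]
        length = data[i + 1]  # defect: header may be cut short, no bounds check
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        records.append((rtype, value))
        i += 2 + length
    return records

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, truncate or insert."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Return {exception name: shortest input that raised it}, ignoring ValueError."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parse_records(case)
        except ValueError:
            continue  # clean rejection: the handled path
        except Exception as exc:  # anything else is an unhandled failure
            name = type(exc).__name__
            if name not in findings or len(case) < len(findings[name]):
                findings[name] = case
    return findings

if __name__ == "__main__":
    for name, case in fuzz(SEED).items():
        print(f"{name}: reproducer {case!r}")
```

The fixed `rng_seed` makes every run repeatable, so a reported reproducer can be replayed against the parser after the bounds check is added.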