BugScan


Alex Handy
09.29.2005
BugScan
HBGary
Price: Starts at $19,500

HBGary's BugScan ferrets out application holes that expose your network to dangerous exploits, adding quality assurance to your development process.

The binary code analyzer is a plug-and-play 1U Dell box running Windows Server 2003. It connects to the network through an Ethernet interface, or directly to a laptop or PC over a crossover cable. HBGary recommends the crossover cable because the appliance does not encrypt data in transit, so a direct connection keeps the uploaded binaries and scan results off the shared network. Typing BugScan's IP address into a browser brings up a Web-based interface for login and options such as scanning compiled binary code, configuring user accounts and limiting the number of scans allowed per user.

BugScan provides an enlightening yet frightening experience. It works as advertised to sniff out flaws such as signed/unsigned conversions, buffer overflows and insecure C library calls. For instance, BugScan can find the MS-RPC DCOM hole (of Blaster worm fame), the Debian hsftp format string vulnerability and the Trillian buffer overflows.

Scanning our sample code--a commercial program--we found upwards of 600 bugs, ranging from potentially dangerous buffer overflows to poor random number generation. BugScan can't repair these holes, but it describes each class of bug and offers direction with standard fix recommendations, including length-bounded C library calls such as 'strncpy' in place of 'strcpy' and 'snprintf' in place of 'sprintf' to prevent buffer overflows.
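The three bug classes named above (signed/unsigned conversions, unbounded copies and unbounded formatting), each shown as the pattern a binary analyzer flags next to the bounded form the review's fix recommendations point to. This is an added illustration written for this page, not code from the review or from HBGary; NAME_MAX, the function names and the scratch buffer are this example's own choices. It also shows the caveat that goes with the 'strncpy' recommendation: strncpy does not write a terminating NUL when the source fills the destination, so the bounded form has to terminate explicitly.

```c
/* Added example, not from the review or from HBGary. Build with:
 *   cc -Wall -Wextra -o bugclasses bugclasses.c && ./bugclasses
 * NAME_MAX and all function names are this example's own assumptions. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16            /* destination buffer size used throughout */

/* --- 1. Unbounded copy: the "insecure C library call" pattern. ----------- */
/* strcpy copies until the source NUL, so a 16+ character name overruns dst.
 * Kept here only to show the flagged form; it is never called below. */
void copy_name_unsafe(char *dst, const char *src) {
    strcpy(dst, src);          /* flagged: no destination length */
}

/* Bounded replacement. Returns 0 on success, 1 if the copy was truncated,
 * -1 if dst_size is 0. Always leaves dst NUL-terminated. */
int copy_name_safe(char *dst, size_t dst_size, const char *src) {
    size_t len;
    if (dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1); /* len + 1 includes the NUL */
    return 0;
}

/* The strncpy caveat: strncpy(dst, src, n) writes no NUL when src has n or
 * more bytes. Returns 1 if a NUL landed within dst_size bytes, 0 if the
 * result is unterminated, -1 if dst_size exceeds the local buffer. */
int strncpy_terminates(const char *src, size_t dst_size) {
    char dst[NAME_MAX + 1];
    if (dst_size > NAME_MAX)
        return -1;
    memset(dst, 'X', sizeof dst);        /* poison so leftovers are visible */
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* --- 2. sprintf versus snprintf ------------------------------------------ */
/* Flagged form: output length depends entirely on the caller's name. */
void greet_unsafe(char *dst, const char *name) {
    sprintf(dst, "Hello, %s!", name);
}

/* snprintf terminates whenever dst_size > 0, and its return value is the
 * length the full string would have had; >= dst_size means it was cut.
 * Returns 0 on success, 1 on truncation, -1 on an encoding error. */
int greet_safe(char *dst, size_t dst_size, const char *name) {
    int n = snprintf(dst, dst_size, "Hello, %s!", name);
    if (n < 0)
        return -1;
    return (size_t)n >= dst_size ? 1 : 0;
}

/* --- 3. Signed/unsigned conversion --------------------------------------- */
/* A length parsed from untrusted input as int is checked in signed
 * arithmetic, then handed to memcpy, which takes size_t. A negative value
 * passes the check and becomes a huge unsigned count. Returns 1 when the
 * check would let the copy proceed. */
int length_ok_unsafe(int len) {
    return len <= NAME_MAX;      /* -1 <= 16 is true */
}

/* Reject negatives before the comparison, then compare as size_t. */
int length_ok_safe(int len) {
    return len >= 0 && (size_t)len <= NAME_MAX;
}

/* Scratch buffer and wrappers so results can be inspected after each call. */
static char scratch[NAME_MAX];
int copy_demo(const char *src)   { return copy_name_safe(scratch, sizeof scratch, src); }
int greet_demo(const char *name) { return greet_safe(scratch, sizeof scratch, name); }
const char *scratch_text(void)   { return scratch; }

int main(void) {
    printf("copy  : rc=%d \"%s\"\n", copy_demo("Alexander the Great"), scratch_text());
    printf("greet : rc=%d \"%s\"\n", greet_demo("Alexander"), scratch_text());
    printf("strncpy terminated? %d\n", strncpy_terminates("0123456789abcdef", NAME_MAX));
    printf("len=-1 passes: unsafe=%d safe=%d\n", length_ok_unsafe(-1), length_ok_safe(-1));
    return 0;
}
```

The return codes matter as much as the bounded calls: a fix that swaps strcpy for strncpy but never checks for truncation trades a memory-safety bug for a silent data-corruption bug, and a fix that uses snprintf but ignores its return value does the same.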

While easy to use, BugScan sports Spartan Web-based admin and reporting interfaces. The analysis queue is merely an ordered list of which binaries remain to be scanned. There's no way to check the progress of the current scan, and no notification when it completes. Scanning large binaries is enough of a chore without having to keep checking back until the scan finishes.

BugScan can't generate reports, but it can be configured to e-mail you a link to a set of XML results that contain no line breaks. These results can be exported to other formats, including Microsoft Excel or Crystal Reports. The reporting interface would be better if it gave users more control over the view. For instance, letting users change the number of bugs listed per page, as search applications do, would mean loading fewer Web pages to scroll through the full results. BugScan lists a fixed five bugs per page, so with 600 bugs found, you'll page through 120 Web pages. The initial results page could also list each bug's occurrence offset (the number used to locate the code reference in the binary) alongside the bug listing. Instead, BugScan requires that users click on a specific bug to get another page and scroll down to the offset numbers at the bottom right corner.

HBGary offers excellent phone support--you'll speak directly to the people who designed and programmed BugScan. Fortunately, the documentation packaged with BugScan is adequate, because its HTML help is abysmal: two paragraphs on an unformatted page.

BugScan can easily replace in-house quality assurance tools that would otherwise have to be developed. HBGary provides an excellent tool for companies focused on rooting out risks and keeping project code secure.

About the Author
Alex Handy is a contributor to Information Security magazine.

This review originally appeared in Information Security magazine.
