Auditing source code is rapidly becoming a standard practice employed by security teams to assure that software applications meet their security requirements. The goal of this procedure is to produce secure and reliable software by fixing potential security holes before the software is deployed.
Orizon is a framework that provides a set of APIs for automatic source code auditing. The Orizon framework utilizes both static and dynamic code analysis techniques to discover potential security holes in the source code. The static approach simply walks through the source code and searches for well-known insecure code patterns, while the dynamic approach determines software behavior based on ad-hoc input data.
While still in early-stage development, Orizon can find insecure use of routines (for example, strcpy), potential SQL injection and cross-site scripting vulnerabilities, and several other vulnerabilities from the OWASP Top 10 list.
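As an added illustration of the static approach described above (example code written for this page, not part of Orizon), the following line-oriented scanner searches constructed C, Java and PHP snippets for the three pattern classes the text mentions; the rule set and the sample inputs are constructed for the example, not Orizon's own.

```python
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    line: int
    rule: str
    snippet: str

# Constructed rule set for this example (not Orizon's own rules): a regular expression
# for a well-known insecure code pattern, and the rule name to report when it matches.
RULES = [
    (re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\("), "insecure-routine"),
    # SQL keyword, then a string literal closed and concatenated with a variable
    (re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b[^;\n]*[\"']\s*\+\s*\w+", re.I), "sql-concat"),
    # PHP request parameter written to the response without escaping
    (re.compile(r"\b(echo|print)\s*\(?\s*\$_(GET|POST|REQUEST)\b"), "xss-raw-param"),
]

def scan_source(source: str) -> List[Finding]:
    """Line-oriented static scan: report each source line that matches a rule."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "/*", "*")):  # crude: skip comment-only lines
            continue
        for pattern, rule in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(lineno, f"{rule}:{match.group(1)}", stripped))
    return findings

# Constructed sample inputs, one per vulnerability class mentioned in the text.
SAMPLE_C = """\
void greet(char *name) {
    char buf[32];
    strcpy(buf, name);                  /* unbounded copy into a fixed buffer */
    strncpy(buf, name, sizeof buf - 1); /* bounded variant: not flagged */
}
"""
SAMPLE_JAVA = """\
String q = "SELECT * FROM users WHERE name = '" + userName + "'";
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
"""
SAMPLE_PHP = """\
echo $_GET['q'];
echo htmlspecialchars($_GET['q']);
"""
```

A scanner of this kind sees one line at a time, so a query concatenated across several lines or a tainted value assigned elsewhere escapes it; that blind spot is the kind of behaviour only analysis of the running program with actual input can expose.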
The Open Web Application Security Project (OWASP) Top 10 lists the most serious web application vulnerabilities, and discusses how to protect against them. The primary aim of the project is to educate developers and software engineers about the consequences of the most common web application security vulnerabilities.
Orizon is still far from being a stable API platform for building source code auditing tools, but the developer believes the project will become the de facto platform for source code auditing tools in the near future.