Secure Coding Review System based on Static Analysis Approach

Abstract

The Secure Coding Review System allow users to examine source code for accessing the security vulnerabilities. The current secure coding review tools focuses on using advanced malware injection. Yet, the current systems do not provide detailed feedbacks with suggestions, user friendly interface and does not have community platform which makes it lack of human touch expertise. The proposed system focuses on performing static analysis on source code which concentrates on security vulnerabilities like input validation, authentication, authorization, and user management. The Secure Coding Review system will generate detailed reports highlighting identified issues along with feedback, recommendation and suggestion. Programming languages used to develop the system are HTML, CSS and JavaScript for frontend, PHP for backend and Python Programming language to train the Random Forest Model. The methodology will follow an agile framework. The Secure Coding Review System is able to review uploaded C source code on accessing security vulnerability and provide a detailed report, suggestions and feedback to the users and a community platform is provided. The proposed system offers the advantage of identifying security vulnerabilities using the Random Forest Algorithm providing a detailed report, and supplying a community platform for programmers to engage with one another. Possible future improvements might involve broadening the datasets on targeted vulnerabilities to increase predictability, integrating more security vulnerability assessment classifications, including dynamic review, and hosting the system online.