Security research often requires a wide variety of tools and approaches. Open source tools can offer an accessible and powerful way to enhance security-testing capabilities. If you work in the security space, here are several open source tools that might be worth adding to your security tool arsenal.
Doxygen Documentation GeneratorDoxygen is a documentation generator for a variety of popular programming languages. It allows users to extract the code structure from source files and highlight relationships between the code elements. This tool essentially provides a visual representation of your code, and it can help provide a deeper, more comprehensive understanding of particularly complex code bases. Doxygen allows users to analyze the flow of the code and can, for example, help visually inspect whether assets flow through input validation functions at expected execution stages.
Being able to visually examine large or complex code bases can supplement existing manual code reviews and fuzzing, and it can help pinpoint issues that you might have otherwise overlooked. (Here's a short list of steps you can follow to create a call graph with Doxygen.) For example, have you ever wondered how the Linux sudo command works? Here's a graphic representation of the code made with Doxygen.
Doxygen call graph for sudo Linux utility (Source: Maggie Jauregui; generated with Doxygen)
Z3 Constraint SolverNext is Z3, a constraint solver tool that can complement software analysis, verification, and fuzzing too ..
Support the originator by clicking the read the rest link below.
