Binary Code & Binary Analysis

What is binary analysis?

Binary analysis (code review) is a form of static analysis that deals only with the binary executable of an application without visibility into the source code. It is usually comprised of a multi-step approach to reverse engineer the binary by attempting to model data types, flows, and control paths through various means. Then, an attempt is made to analyze the derived model in order to detect recognized security flaw patterns and synthesize the results into detailed vulnerability reports with actionable remediation.

What problems do binary code reviews solve?

Motivations for performing a binary analysis include assessing potential vulnerabilities of an application introduced in the compilation process, performing an independent security audit of a third-party library without involvement from the vendor, or when access to the source code is not possible for whatever reason.

Binary code reviews typically discover vulnerabilities via decomposition and disassembly of the binary and recognition of known vulnerability patterns. This can encompass some of the common weakness types such as buffer overflows, unhandled error conditions, cross-site scripting (XSS), and various injection attack vectors. It is particularly suited for malicious code detection and low-level issues like backdoors and rootkits. This is a result of its inherently ultra-low-level analysis of the machine-level instruction sets.

Does Synopsys offer a binary analysis solution?

Synopsys offers Black Duck, an automated software composition analysis (SCA) tool that enables organizations to gain visibility into the composition of purchased software, make better buying decisions, and manage the ongoing risk of operating complex systems and software. 

We also offer a comprehensive set of static analysis solutions with a holistic approach to application security. Our static application security testing (SAST) managed services offering provides scale with reach across the breadth of an organization’s application portfolio as well as elasticity to dynamically respond to evolving threats, shifting business priorities, and workload ebbs and flows. 

The source code analysis provided by SAST is inherently more capable in contextually analyzing multi-tier development frameworks with their associated diverse components such as back-end business logic, client-facing views, and various configuration files. The manual inspection step of SAST can more effectively identify subtle vulnerability patterns. This is possible through a human understanding of context from deep-dive analysis of the components in scope. Additionally, manual inspection eliminates noise and false positives during the assessment, resulting in discovery of important vulnerabilities with actionable remediation guidance for each one.