NPO Eshelon: AK-BC code analyzer

Appointment: carrying out certification tests on lack of not declared opportunities (program tabs), the analysis of security of a program code.

Main Functions:

• carrying out the analysis and creation of reports according to the regulating document of State Technical Commission of Russia on lack of not declared opportunities (up to 1 level of control inclusive);
• carrying out the signature and heuristic analysis of the code for the purpose of identification of program tabs and critical vulnerabilities of software;
• support of a set of the ANSI languages of Si, C ++ (ISO/IEC 14882:2003), Java, C#;
• lack of restrictions for volumes of source texts.

Specific Features: integration with base of vulnerabilities of CWE.

Certificate of the Russian Defense Ministry and FSTEC of Russia.

Source: [1]

2015: "The analyzer of source texts of the programs "AK-BC 2" is certified by FSTEC

On May 27, 2015 announced NPO Eshelon obtaining the FSTEC certificate of Russia on a software package "The analyzer of source texts of the programs "AK-BC 2".

The certificate confirms: the product "AK-BC 2" is the software tool of the automated analysis of security of source texts of the software, protection against unauthorized access to information conforms to requirements of the regulating document ". Part 1. Information security software. Classification by the level of absence control of not declared opportunities" (State Technical Commission of Russia, 1999) – on the 4th level of control and specifications.

Carrying out dynamic analysis through AK-BC, 2013

"AK-BC 2" helps to carry out static, dynamic and signature analysis of source texts in the С/С++/Java/С# languages up to 1 level of control.

"AK-BC 2" has several advantages in comparison with the previous AK-BC version:

• accuracy of static analysis of source texts due to the most detailed creation of model of source texts at the level, comparable to the level of operation of the compiler/interpreter is increased;
• several times analysis speed grew;
• the labor input of carrying out dynamic analysis of source texts at the expense of an exact insert of sensors is reduced;
• there are no restrictions on volume of the analyzed source texts;
• intuitive web interface;
• the quality of reports of a system is increased;
• the simultaneous analysis of several projects and simultaneous operation of several experts is possible;
• cross-platform and simplicity of deployment (the product is delivered in the form of the virtual device that allows to start it practically on any OS).