Request a Personalized DerScanner Demo

Delphi Static Code Analysis with DerScanner

Today, we want to talk about Delphi and how DerScanner can help secure your Delphi applications. Delphi has an active community of millions of developers across the globe, but when it comes to the information security of Delphi code and applications, developers are often short of options. DerScanner is built to fill that gap.

Why Security Matters in Delphi Development

Ensuring the security of your Delphi applications is crucial. Cyber attacks are becoming increasingly sophisticated, and vulnerabilities in your code can lead to severe consequences, including data breaches, financial loss, and damage to your reputation. This is where DerScanner comes in.

What is DerScanner?

DerScanner is a powerful tool designed to run static code analysis on your Delphi applications. It can detect a wide range of security flaws, including:

Hardcoded Secrets:

  • Passwords
  • Tokens
  • Encryption keys
  • Database connection strings

Weak Cryptography:

  • Use of vulnerable encryption algorithms
  • Use of vulnerable hashing algorithms
  • Weak pseudo-random number generators
  • Vulnerable encryption modes (e.g., ECB in AES)

Injection Vulnerabilities:

  • SQL Injection
  • Code Injection

Insecure Cookie Settings:

  • Missing HttpOnly flag (the cookie is readable by script, so an XSS bug can steal the session)
  • Missing Secure flag (the cookie can be sent over an unencrypted channel)
  • Overly broad or missing Domain and/or Path attributes (the cookie is exposed to other applications on the same domain)

Insecure CORS (Cross-Origin Resource Sharing) Policy Settings
Leakage of System Configuration Data
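To make the SQL Injection item above concrete, here is an added example, not DerScanner's own code or its output, of one Delphi lookup written twice: first in the concatenated form that a SQL injection rule flags, then in the parameterized form that fixes it. It uses FireDAC's TFDConnection and TFDQuery; the users table, the username column and the function names are assumptions for illustration.

```delphi
unit UserLookup;

{ Added illustration, not DerScanner's own code. The same lookup written two
  ways: by string concatenation (the pattern a SQL injection rule flags) and
  with a bound parameter. The table and column names are assumptions. }

interface

uses
  System.SysUtils, FireDAC.Comp.Client, FireDAC.Stan.Param;

// Vulnerable: user-controlled text is spliced into the statement text.
function UserExistsUnsafe(Conn: TFDConnection; const UserName: string): Boolean;

// Hardened: the value travels as a bound parameter, never as SQL syntax.
function UserExistsSafe(Conn: TFDConnection; const UserName: string): Boolean;

implementation

function UserExistsUnsafe(Conn: TFDConnection; const UserName: string): Boolean;
var
  Q: TFDQuery;
begin
  Q := TFDQuery.Create(nil);
  try
    Q.Connection := Conn;
    // An input such as  x' OR '1'='1  closes the literal and changes the
    // WHERE clause, so the function returns True for any name.
    Q.SQL.Text := 'SELECT 1 FROM users WHERE username = ''' + UserName + '''';
    Q.Open;
    Result := not Q.Eof;
  finally
    Q.Free;
  end;
end;

function UserExistsSafe(Conn: TFDConnection; const UserName: string): Boolean;
var
  Q: TFDQuery;
begin
  Q := TFDQuery.Create(nil);
  try
    Q.Connection := Conn;
    // The statement text is fixed; the driver sends the value separately,
    // so quotes or keywords inside UserName remain plain data.
    Q.SQL.Text := 'SELECT 1 FROM users WHERE username = :uname';
    Q.ParamByName('uname').AsString := UserName;
    Q.Open;
    Result := not Q.Eof;
  finally
    Q.Free;
  end;
end;

end.
```

The difference a scanner keys on is whether the SQL text is assembled from data at run time: the first function's statement depends on UserName, the second's does not. The same binding pattern applies to INSERT and UPDATE statements, and the hardcoded-secrets rules would likewise flag a connection string with an embedded password assigned to Conn.ConnectionString in source.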

How to Use the DerScanner Platform

Using DerScanner is straightforward. You can initiate a scan by providing a link to your repository or by uploading the source code from your local computer. Here’s a step-by-step guide:

  1. Provide the Source Code: You can either link to your repository or drag and drop your source code files into DerScanner.
  2. Initiate the Scan: Once the files are uploaded, start the scan.
  3. Review the Results: After the analysis is complete, you will receive a comprehensive security score for your application. The results are supported by visuals that break down the criticality level and the most frequently encountered vulnerability types.
  4. Detailed Report: You will get a detailed report on the findings of your analysis, including the exact location in the source code where each vulnerability occurs. The report also provides a detailed description, example, and remediation advice to help you tackle each vulnerability.

Integration with RAD Studio

DerScanner is a technical partner of Embarcadero, and we are currently working on a plugin integration for RAD Studio. This integration aims to make your Delphi development as seamless and secure as possible.

Conclusion

DerScanner is a valuable tool for Delphi developers looking to enhance the security of their applications. By detecting critical security flaws and providing detailed remediation advice, it helps keep your Delphi code safe and resilient against cyber attacks.

Want to experience it for yourself? Explore DerScanner plans or try the DerScanner demo version.

Stay secure and happy coding!
