Source Code Analysis on Asterisk VOIP IP PBX: An Open-Source Communication Toolkit

Analysis of source code has risen to the top of the list of priorities as a result of the persistent danger posed by security breaches to the communication infrastructure that is now interconnected throughout the globe. Studying the source code may help find vulnerabilities in the security coding that might be exploited by hackers to get access to vital information. These vulnerabilities can be found before the hackers have a chance to use them.Either a static analysis or a dynamic analysis may be performed on source code.The difference between static and dynamic analysis is that the latter executes the code in a runtime environment to check for security problems, while the former does not.The purpose of this work is to use both free and commercial tools to analyze the source code of the 'c' language-based Asterisk VOICE IP-PBX for security vulnerabilities.Security coding standards like MISRA C, CERT C, and others were applied to the Asterisk 1.8 VOIP IP PBX (Open source) source code. This report details the vulnerabilities discovered in the codebase using both free and paid security analysis tools.