The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.

Source code security vulnerabilities will vary between languages and platforms.

Items to look for in C code include:

Potential vulnerability Function calls to examine for vulnerabilities
Buffer overflows gets(), scanf(), sprintf(), strcat(), strcpy()
Format string vulnerabilities printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog()
Race conditions access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), tmpnam()
Random number acquisition vulnerabilities rand(), random()
Shell metacharacter vulnerabilities exec(), popen(), system()

Automated Source Code Security Vulnerability Scanners

There are intelligent tools available to help you examine large amounts of source code for security vulnerabilities.

Tool Description
Flawfinder Examines source code and reports possible security vulnerabilities
RATS from Secure Software Solutions Scans C, C++, PERL, PHP and Python source code for potential security vulnerabilities.
PScan A limited problem scanner for C source files
BOON Buffer Overrun detectiON
MOPS MOdelchecking Programs for Security properties
Cqual A tool for adding type qualifiers to C
MC Meta-Level Compilation
SLAM Microsoft
ESC/Java2 Extended Static Checking for Java version 2
Splint Secure Programming Lint
JCAVE JavaCard Applet Verification Environment
The Boop Toolkit Utilizes abstraction and refinement to determine the reachability of program points in a C program
Blast Berkeley Lazy Abstraction Software Verification Tool
Uno Simple tool for source code analysis
PMD Scans Java source code and looks for potential problems
C++ Test Unit testing and static analysis tool

For more information regarding source code scanners, read Source Code Scanners for Better Code in the Linux Journal.

For more information regarding secure programming, read the Secure Programming for Linux and Unix HOWTO.