Support Center
Explore, Analyze & Document your Code

Code Inspection Use Case: Securing Your Encryption Implementation

Ensuring the security of encryption is crucial for protecting sensitive data. This guide demonstrates how code inspection with Visual Expert helps developers identify and fix encryption vulnerabilities before they reach production.

Critical Encryption Issues Detected Through Code Inspection

1. Use Strong Encryption Algorithms

  • Best Practice: Utilize well-established algorithms like AES-256.
  • Common Issue: Usage of deprecated algorithms like DES or SHA-1.
  • How Visual Expert Helps: Flags weak algorithm usage across your codebase.

2. Keep Encryption Keys Secure

  • Best Practice: Store encryption keys securely and restrict access to authorized personnel only.
  • Common Issue: Hardcoded keys or insecure storage implementations causes theft or unauthorized access.
  • How Visual Expert Helps: Uses Hardware Security Modules (HSMs) or key management services to protect keys from theft or unauthorized access.

3. Implement Key Management Best Practices

  • Best Practice: Regularly rotate encryption keys and implement key hierarchies.
  • Common Issue: Missing key rotation mechanisms or using the same key for all purposes.
  • How Visual Expert Helps: Verifies key rotation implementations and detects single-key usage across multiple contexts.

4. Encrypt Data at Rest and in Transit

  • Best Practice: Implement end-to-end encryption for data in all states.
  • Common Issue: Inconsistent encryption implementation or unprotected data paths.
  • How Visual Expert Helps: Uses secure protocols such as TLS (Transport Layer Security) to trace data flows to identify unencrypted storage or transmission points.

5. Secure Key Exchange Mechanisms

  • Best Practice: asymmetric cryptography (e.g., RSA, Elliptic Curve Cryptography) or key establishment protocols (e.g., Diffie-Hellman) for secure key exchange.
  • Common Issue: Unauthenticated key exchanges vulnerable to man-in-the-middle (MITM) attacks.
  • How Visual Expert Helps: Analyzes cryptographic workflows to identify missing authentication steps.

6. Implement Access Controls

  • Best Practice: Apply least privilege principles to encryption operations.
  • Common Issue: Excessive access privileges or missing authorization checks.
  • How Visual Expert Helps: Maps access patterns to encryption resources and identifies permission issues.

7. Regularly Update and Patch Encryption Systems

  • Best Practice: Keep cryptographic libraries current with security updates
  • Common Issue: Usage of outdated library versions with known vulnerabilities
  • How Visual Expert Helps: Identifies outdated cryptographic dependencies and flags them for updates

8. Monitor and Audit Encryption Activities

  • Best Practice: Implement logging and monitoring to track key usage, encryption operations, and access attempts.
  • Common Issue: Insufficient logging of key usage or encryption failures.
  • How Visual Expert Helps: Conducts regular audits to ensure compliance with security policies and regulatory requirements.

9. Secure Hardware and Environments

  • Best Practice: Implement physical security measures such as access controls, surveillance, and environmental controls (e.g., temperature, humidity).
  • Common Issue: Software-only implementations for highly sensitive operations.
  • How Visual Expert Helps: Identifies opportunities for hardware-backed security implementations.

10. Educate Users on Encryption Security

  • Best Practice: Conduct training and awareness programs for employees. Encourage compliance with security policies and reporting of suspicious activities.
  • Common Issue: Lack of user awareness leads to accidental misuse of encryption features or failure to follow security protocols.
  • How Visual Expert Helps: Analyzes documentation and code comments to verify the presence of encryption guidelines.

PowerBuilder Encryption Rule: Use AES in a Secure Mode

The PowerBuilder code rule "Always use AES encryption algorithm in a secure mode" is a crucial security standard enforced by Visual Expert's code inspection engine. This rule ensures that developers implement AES (Advanced Encryption Standard), which remains one of the most secure symmetric encryption algorithms available for protecting sensitive data.

Visual Expert's inspection capabilities verify that all encryption implementations use AES with appropriate secure modes such as:

  • Cipher Block Chaining (CBC) - Prevents pattern recognition in encrypted outputs
  • Galois/Counter Mode (GCM) - Provides both confidentiality and authenticity

This ensures that the encrypted data is secure and not susceptible to attacks.

Key Benefits of Visual Expert's AES Encryption Analysis

  • Complete Coverage – Scans all encryption implementations across your entire codebase
  • Early Detection – Identifies non-compliant encryption during development
  • Continuous Security – Enforces encryption standards across team members
  • Regulatory Alignment – Helps maintain compliance with security standards

Compliant vs. Non-Compliant Code

Non-Compliant Code

Code that does not adhere to established coding standards, guidelines, or best practices. It may involve:

  • Violations of coding conventions, architectural principles, security policies, or industry regulations.
  • Errors and inefficiencies that impact performance and reliability.
  • Security vulnerabilities that expose software to potential threats.
  • Compliance risks that may lead to regulatory issues.

Detecting and correcting non-compliant code is crucial to maintaining scalable, secure, and high-quality software while ensuring compliance with industry standards.

Example of non-compliant code

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "ecb" // ecb is not compliance
           
Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &OperationModeECB!, lblb_iv, PKCSPadding!) // OperationModeECB! is not compliance

Compliant Code

Code that follows established coding standards, guidelines, and best practices. It ensures:

  • Adherence to coding conventions, architectural principles, security policies, and industry regulations.
  • Well-structured and readable code for easier understanding.
  • Maintainability and scalability for long-term software stability.
  • Security and reliability to minimize vulnerabilities.
  • Correct functionality that meets quality standards.

By writing compliant code, developers improve software quality, making it easier to maintain, extend, and debug in the future.

Example of compliant code

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "cbc" // cbc is compliant

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "ctr" // ctr is compliant

Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &OperationModeCFB!, lblb_iv, PKCSPadding!) // OperationModeCFB! is compliant

 

More Use Cases for PowerBuilder

Visual Expert, Code Review, PowerBuilder Code Rules, Secure Encryptions, Use Cases

Visual Expert Featured Resources


Videos