Secure Programming with Static Analysis

shooter · #1 (**permalink**) 05-17-2008, 07:29 PM

Secure Programming with Static Analysis

The First Expert Guide to Static Analysis for Software Security!

Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

About the Author
Brian Chess is a founder of Fortify Software. He currently serves as Fortify’s Chief Scientist, where his work focuses on practical methods for creating secure systems. Brian holds a Ph.D. in Computer Engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service. He lives in Mountain View, California.

Jacob West manages Fortify Software’s Security Research Group, which is responsible for building security knowledge into Fortify’s products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob worked with Professor David Wagner at the University of California at Berkeley to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.

Download

LinkBacks (?) LinkBack to this Thread: http://www.free-ebook-download.net/programing-book/5979-secure-programming-static-analysis.html
Posted By	For	Type	Date
del.icio.us/network/incubos	This thread	Refback	06-19-2008 12:18 PM
Free PDF Ebooks Download	This thread	Refback	05-18-2008 02:15 PM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Technical Analysis for Direct Access Trading: A Guide to Charts, Indicators, and Other Indispensable Market Analysis Tools	FED	Business Book	1	07-19-2008 08:25 PM
The Static and Dynamic Continuum Theory of Liquid Crystals: A Mathematical Introduction	shooter	Science Book	0	05-12-2008 02:10 PM
Data Analysis, Classification and the Forward Search: Proceedings of the Meeting of the Classification and Data Analysis Group (CLADAG) of the Italian	FED	Technical Book	0	02-28-2008 01:53 PM
Title: Cisco Security Professional's Guide to Secure Intrusion Detection Systems	abb	Technical Book	0	08-24-2007 07:37 AM
Secure PHP Development: Building 50 Practical Applications	abb	Programing Book	0	08-24-2007 07:32 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)