Source Code Analysis has become the de facto choice to introduce secure
development as well as gauge inherent software risk.
The irony is that source code analysis doesn?t often look at the source at
all. In fact, the majority of the products are using Binary analysis or
byte-code analysis (BCA) created by the compiler. This method saves a great
deal of effort when developing the analysis tools, but lowers drastically
the usability and accuracy of the results.
This technical paper ? with detailed code examples ? from Checkmarx research
labs, fills this gap and explains how developers, auditors and cloud
platform providers benefit from the inherent advantages of true source code
analysis tool.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
development as well as gauge inherent software risk.
The irony is that source code analysis doesn?t often look at the source at
all. In fact, the majority of the products are using Binary analysis or
byte-code analysis (BCA) created by the compiler. This method saves a great
deal of effort when developing the analysis tools, but lowers drastically
the usability and accuracy of the results.
This technical paper ? with detailed code examples ? from Checkmarx research
labs, fills this gap and explains how developers, auditors and cloud
platform providers benefit from the inherent advantages of true source code
analysis tool.
http://www.checkmarx.com/NewsDetails.aspx?id=27&cat=3
Maty Siman, CISSP
Founder, CTO
Checkmarx Ltd.
www.checkmarx.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]