From the course: Developing Secure Software (2015)
Exploring tools for static analysis
There are quite a few static analysis tools available for software security practitioners. These tools know what security vulnerabilities look like. Although manual inspection is always possible through peer code reviews, it is error-prone and not scalable. The manual approach is also not as comprehensive and complete as its automated counterpart. The use of software tools is also much cheaper than hiring a human expert to do the same amount of work. The relatively inexpensive nature of static code analysis tools also allows more frequent testing. There is a wide range of approaches used by static code analysis tools. It can be as simple as a search tool capable of interpreting regular expressions. An intermediate approach could be a more customized tool that can do a lexical analysis based on predefined vulnerability patterns. However, this approach does not consider the context in which a pattern is detected. The most advanced approach is using abstract syntax trees borrowed…
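The difference between a context-free pattern search and a syntax-tree check, as an added example that is not part of the course material. The sample source, the `RISKY_NAMES` list and all function names are assumptions made for illustration.

```python
import ast
import re

# Constructed sample input: one real eval() call, the same text inside a
# comment and a string literal, and one aliased call the pattern cannot see.
SAMPLE = '''\
import os
# never call eval(user_input) here
msg = "eval(x) is dangerous"
result = eval(user_input)
run = os.system
run(cmd)
'''

RISKY_PATTERN = re.compile(r"\b(eval|os\.system)\s*\(")
RISKY_NAMES = {"eval", "os.system"}  # assumed rule set for this example

def pattern_scan(source):
    """Context-free search: line numbers where the pattern text appears."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if RISKY_PATTERN.search(line)]

def _dotted(node):
    """Render a Name/Attribute chain such as os.system as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def ast_scan(source):
    """Syntax-aware search: line numbers of actual calls to risky functions."""
    tree = ast.parse(source)
    aliases = {}  # local name -> risky function assigned to it (flow-insensitive)
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _dotted(node.value) in RISKY_NAMES:
            for target in node.targets:
                if isinstance(target, ast.Name):
                    aliases[target.id] = _dotted(node.value)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if aliases.get(name, name) in RISKY_NAMES:
                hits.append(node.lineno)
    return sorted(hits)
```

On the sample, the pattern search reports the comment and the string literal as findings and misses the aliased `os.system` call, while the syntax-tree check reports only the two real calls.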
Contents
- Testing for security (1m 4s)
- Static analysis (1m 41s)
- Exploring tools for static analysis (1m 42s)
- Dynamic analysis (1m 37s)
- Dynamic analysis tools (59s)
- Penetration testing (1m 33s)
- Penetration testing tools (2m 18s)
- Vulnerability management (1m 42s)
- Vulnerability management tools (1m 57s)