From the course: Developing Secure Software (2015)
Static analysis
- Static analysis refers to the analysis of source code. It examines the text of a program. Therefore, the security testing can be done without executing the source code, which is why it's called static. This also means that you don't need a program that is fully functional to do your testing. Software bugs are usually found in hard-to-reach states or unusual circumstances. They are also language specific. For example, memory management is done manually in languages such as C, while it is automated in Java. Static analysis has some significant limitations, too. For example, only a fixed set of bugs can be detected due to its reliance on signatures. If there is no signature for a bug, it is not detectable, just as with anti-virus software. Static analysis also produces lots of false positives, which require manual inspection to determine whether what is detected is truly a bug. The last, but not least, limitation is its inability to detect design flaws. There are a number of static analysis tools for…
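To make the two limitations mentioned in the transcript concrete (a fixed signature set, and false positives that need manual review), here is a toy signature-based scanner for C source. It is an added illustration written for this page, not a tool from the course; the signature list and the sample C program it scans are constructed for the example. It matches the text of the program without compiling or running it, and a second pass blanks out comments and string literals to show how many of the raw hits were false positives.

```python
"""Toy signature-based static analyzer (added illustration, not the course's tool).

It scans C source text for calls to a fixed list of functions ("signatures")
and reports each hit. Because it only matches text:
  * bugs with no signature (here: atoi with unchecked input) are never found;
  * matches inside comments and string literals are false positives that a
    human has to inspect, unless the scanner first blanks those regions out.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int     # 1-based line number in the scanned source
    func: str     # which signature matched
    reason: str   # why that function is flagged
    text: str     # the original source line, for manual review


# Fixed signature set: the analyzer only ever finds what is listed here.
SIGNATURES = {
    "gets": "unbounded read into a buffer",
    "strcpy": "unbounded string copy",
    "sprintf": "unbounded formatted write",
}

# Constructed sample C source for the example (not from the course).
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>

/* Old note: we used to call gets() here, removed in 2014. */
void greet(const char *name) {
    char buf[16];
    strcpy(buf, name);            /* real bug: no bounds check */
    printf("hello %s\n", buf);
    puts("never call strcpy() again");   /* false positive: inside a string */
}

int parse(const char *s) {
    return atoi(s);               /* unsafe too, but no signature: missed */
}
'''

# A signature "fires" on an identifier from SIGNATURES followed by '('.
CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, SIGNATURES)) + r")\s*\(")

# Block comments, line comments and double-quoted string literals.
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.DOTALL)


def blank_noise(source: str) -> str:
    """Replace comments and string literals with spaces, keeping every newline
    so the line numbers of the remaining code do not shift."""
    return NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)


def scan(source: str, skip_comments_and_strings: bool = False) -> List[Finding]:
    """Return one Finding per signature match, in source order."""
    text = blank_noise(source) if skip_comments_and_strings else source
    findings: List[Finding] = []
    lines = zip(text.splitlines(), source.splitlines())
    for lineno, (line, original) in enumerate(lines, start=1):
        for match in CALL_RE.finditer(line):
            func = match.group(1)
            findings.append(Finding(lineno, func, SIGNATURES[func], original.strip()))
    return findings


if __name__ == "__main__":
    raw = scan(SAMPLE_C)
    filtered = scan(SAMPLE_C, skip_comments_and_strings=True)
    print(f"raw signature hits: {len(raw)} (each needs manual inspection)")
    for f in raw:
        print(f"  line {f.line}: {f.func} - {f.reason}: {f.text}")
    print(f"after blanking comments/strings: {len(filtered)} hit(s)")
    for f in filtered:
        print(f"  line {f.line}: {f.func} - {f.reason}: {f.text}")
    print("note: atoi(s) on line 14 is never reported, because it has no signature")
```

Running the block reports three raw hits, of which only the `strcpy(buf, name)` call survives once comments and strings are blanked; the unchecked `atoi` is missed entirely, which is the "fixed set of bugs" limitation the transcript describes.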
Contents
- Testing for security (1m 4s)
- Static analysis (1m 41s)
- Exploring tools for static analysis (1m 42s)
- Dynamic analysis (1m 37s)
- Dynamic analysis tools (59s)
- Penetration testing (1m 33s)
- Penetration testing tools (2m 18s)
- Vulnerability management (1m 42s)
- Vulnerability management tools (1m 57s)