Secure Programming with Static Analysis

By Brian Chess and Jacob West

The first expert guide to static analysis for software security!

 

Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there's a complete guide to static analysis: how it works, how to integrate it into the software development process, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate the main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

 

Coverage includes:

 

  Why conventional bug-catching often misses security problems

  How static analysis can help programmers get security right

  The critical attributes and algorithms that make or break a static analysis tool

  36 techniques for making static analysis more effective on your code

  More than 70 types of serious security vulnerabilities, with specific solutions

  Example vulnerabilities from Firefox, OpenSSH, MySpace, eTrade, Apache httpd, and many more

  Techniques for handling untrusted input

  Eliminating buffer overflows: tactical and strategic approaches

  Avoiding errors specific to Web applications, Web services, and Ajax

  Security-aware logging, debugging, and error/exception handling

  Creating, maintaining, and sharing secrets and confidential information

  Detailed tutorials that walk you through the static analysis process
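The description above, and the untrusted-input item in the list, rest on one idea: a static analyzer tracks data from an untrusted source through the program and reports when it reaches a dangerous sink without passing through a sanitizer. The following is an added example (not code from the book, and not Fortify SCA) that implements that source/sink/propagation model over Python source with the standard `ast` module. The source, sink and sanitizer names it knows about (`request.args.get`, `input`, `cursor.execute`, `os.system`, `escape_sql`, `shlex.quote`) are assumptions chosen for illustration, and the two programs it analyzes are constructed samples, not the book's.

```python
"""Minimal source-to-sink taint analysis using Python's ast module.

Added example, not code from the book or from Fortify SCA. It models the
source / sink / propagation / sanitizer scheme used to find injection-style
defects:

  * values returned by an untrusted SOURCE (hypothetical request.args.get,
    or the built-in input) are tainted;
  * taint propagates through assignment, string concatenation, %-formatting,
    f-strings and ordinary calls that receive a tainted argument;
  * a call to a SANITIZER (hypothetical escape_sql, or shlex.quote) cleans it;
  * a tainted value reaching the dangerous argument of a SINK is reported.

The analysis walks one straight-line module in order and ignores branches,
so it is a teaching model, not a production checker.
"""
import ast

SOURCES = {"request.args.get", "input"}          # untrusted data enters here
SINKS = {"cursor.execute": 0, "os.system": 0}    # name -> index of dangerous arg
SANITIZERS = {"escape_sql", "shlex.quote"}       # calls that neutralise taint


def call_name(node):
    """Dotted name of a call target, e.g. 'cursor.execute', or None."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(func.id)
    return ".".join(reversed(parts))


class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variables currently holding untrusted data
        self.findings = []     # (line number, sink name) for each hit

    def is_tainted(self, node):
        """Does evaluating this expression yield attacker-controlled data?"""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):       # "..." + x  and  "..." % x
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):   # f"... {x} ..."
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        return False                          # literals, tuples, etc.

    def visit_Assign(self, node):
        # x = <expr>: x becomes tainted or clean depending on the right side
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)
        self.generic_visit(node)

    def visit_AugAssign(self, node):
        # x += <expr>: x becomes tainted if the added value is
        if isinstance(node.target, ast.Name) and self.is_tainted(node.value):
            self.tainted.add(node.target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = call_name(node)
        idx = SINKS.get(name)
        if idx is not None and idx < len(node.args) and self.is_tainted(node.args[idx]):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def analyze(source):
    """Return [(line, sink)] for every tainted value that reaches a sink."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed sample programs (not from the book). Line 1 of each is blank.
VULNERABLE = '''
name = request.args.get("user")
query = "SELECT * FROM users WHERE name = '" + name + "'"
cursor.execute(query)                       # line 4: string-built SQL
os.system("ls " + shlex.quote(name))        # quoted, so not reported
'''

FIXED = '''
name = request.args.get("user")
cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
safe = escape_sql(name)
cursor.execute("SELECT * FROM users WHERE name = '" + safe + "'")
'''

if __name__ == "__main__":
    print("vulnerable:", analyze(VULNERABLE))   # [(4, 'cursor.execute')]
    print("fixed:     ", analyze(FIXED))        # []
```

The sink table records which argument is dangerous, so the parameterized `cursor.execute(sql, (name,))` in FIXED is accepted: the tainted value is in the parameter tuple, not in the SQL string. Real tools extend this model with control flow, inter-procedural summaries and a much larger rule set, but the reporting logic is the same.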

 

“We designed Java so that it could be analyzed statically. This book shows you how to use advanced static analysis techniques to create more secure, more reliable software.”

Bill Joy, Co-founder of Sun Microsystems, co-inventor of the Java programming language

 

“'Secure Programming with Static Analysis' is a great primer on static analysis for security-minded developers and security practitioners. Well-written, easy to read, tells you what you need to know.”

David Wagner, Associate Professor, University of California Berkeley

 

“Software developers are the first and best line of defense for the security of their code. This book gives them the security development knowledge and the tools they need in order to eliminate vulnerabilities before they move into the final products that can be exploited.”

Howard A. Schmidt, Former White House Cyber Security Advisor

 

BRIAN CHESS is Founder and Chief Scientist of Fortify Software, where his research focuses on practical methods for creating secure systems. He holds a Ph.D. in Computer Engineering from the University of California Santa Cruz, where he studied the application of static analysis to finding security-related code defects.

 

JACOB WEST manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. He brings expertise in numerous programming languages, frameworks, and styles, together with deep knowledge of how real-world systems fail.

 

The CD contains a working demonstration version of Fortify Software's Source Code Analysis (SCA) product, extensive Java and C code samples, and the tutorial chapters from the book in PDF format.

 

 

Part I: Software Security and Static Analysis   1

1   The Software Security Problem   3

2   Introduction to Static Analysis   21

3   Static Analysis as Part of the Code Review Process   47

4   Static Analysis Internals   71

Part II: Pervasive Problems   115

5   Handling Input   117

6   Buffer Overflow   175

7   Bride of Buffer Overflow   235

8   Errors and Exceptions   265

Part III: Features and Flavors   295

9   Web Applications   297

10   XML and Web Services   349

11   Privacy and Secrets   379

12   Privileged Programs   421

Part IV: Static Analysis in Practice   457

13   Source Code Analysis Exercises for Java   459

14   Source Code Analysis Exercises for C   503

Epilogue   541

References   545

Index   559
