Secure Programming with Static Analysis (Addison-Wesley Software Security Series)

The First Expert Guide to Static Analysis for Software Security!

 

Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

 

About the Author


Brian Chess is a founder of Fortify Software. He currently serves as Fortify’s Chief Scientist, where his work focuses on practical methods for creating secure systems. Brian holds a Ph.D. in Computer Engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service. He lives in Mountain View, California.

 

Jacob West manages Fortify Software’s Security Research Group, which is responsible for building security knowledge into Fortify’s products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob worked with Professor David Wagner at the University of California at Berkeley to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.


Crystal Clear : A Human-Powered Methodology for Small Teams (Agile Software Development Series)

Carefully researched over ten years and eagerly anticipated by the agile community, Crystal Clear: A Human-Powered Methodology for Small Teams is a lucid and practical introduction to running a successful agile project in your organization. Each chapter illuminates a different important aspect of...

Broadband Bible, Desktop Edition

It’s better with broadband, and you can do it...

Whether you need Internet access to work from home, operate a home-based business, run a small business, or simply enjoy all the wonders of the Web, broadband is better. This guide makes it easy to choose among the many broadband options, get connected, set up...

Succeeding with Object Databases: A Practical Look at Today's Implementations with Java and XML
There is a definite need by many users and practitioners for documented case studies and examples that demonstrate the first-hand use of Object Data Management in real-world applications and systems. During the past few years, we have seen tremendous interest in Java. There has been an important shift from using Java just on the client-side to the...

Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

This book looks at network security in a new and refreshing way. It guides readers step-by-step through the "stack" -- the seven layers of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical...

Artificial General Intelligence (Cognitive Technologies)

This is the first book on current research on artificial general intelligence (AGI), work explicitly focused on engineering general intelligence – autonomous, self-reflective, self-improving, commonsensical intelligence. Each author explains a specific aspect of AGI in detail in each chapter, while also investigating the common themes in...

Generic Programming: Advanced Lectures (Lecture Notes in Computer Science)
Generic programming attempts to make programming more efficient by making it more general. This book is devoted to a novel form of genericity in programs, based on parameterizing programs by the structure of the data they manipulate.

The book presents the following four revised and extended chapters first given as lectures at the Generic...
