Главная    Ex Libris    Книги    Журналы    Статьи    Серии    Каталог    Wanted    Загрузка    ХудЛит    Справка    Поиск по индексам    Поиск    Форум   
blank
Авторизация

       
blank
Поиск по указателям

blank
blank
blank
Красота
blank
Chess B., West J., McGraw G. — Secure Programming with Static Analysis
Chess B., West J., McGraw G. — Secure Programming with Static Analysis



Обсудите книгу на научном форуме



Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter


Название: Secure Programming with Static Analysis

Авторы: Chess B., West J., McGraw G.

Аннотация:

To secure complex enterprise and commercial software systems, developers must evaluate enormous code bases and predict their behavior in a nearly infinite number of configurations. Static source code analysis tools automate much of this checking, acting like spell-checkers to systematically identify bugs. Now, there’s a complete guide to static analysis: how it works, how to integrate it into your software development processes, and how to make the most of it in security code review.



Static analysis experts Brian Chess and Jacob West review the pervasive security flaws impacting large-scale software, as well as problems affecting specific program types and features. Then, using extensive Java and C++ code examples, they show how to use static analysis to rapidly uncover these problems. Coverage includes:



· Why conventional bug-catching often misses security problems

· 100 best practices for designing and writing secure code

· 80 serious security vulnerabilities, with specific solutions

· Handling untrustworthy input

· Eliminating buffer overflows: tactical and strategic approaches

· Avoiding flaws specific to Web applications, services, and HTTP

· Securing software that interfaces with outside systems

· Security-aware logging, debugging, and error/exception handling

· Safely writing programs with different privileges than their users

Whatever your role in building more secure software—developer, security engineer, analyst, or tester—this book will put powerful new tools at your command.



Brian Chess is Founder and Chief Scientist of Fortify Software, where his research focuses on practical methods for creating secure systems. He holds a Ph.D. in Computer Engineering from University of California at Santa Cruz, where he studied the application of static analysis to finding security-related code defects.

Jacob West, Manager of Fortify’s Security Research Group, is responsible for building security knowledge into the company’s products. He brings expertise in multiple programming languages, frameworks, and styles, and deep knowledge about how systems fail. West worked with Professor David Wagner at University of California, Berkeley to develop an advanced static analysis tool for discovering security vulnerabilities.


Язык: en

Рубрика: Технология/

Статус предметного указателя: Неизвестно

ed2k: ed2k stats

Год издания: 2007

Количество страниц: 587

Добавлена в каталог: 16.10.2007

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID
blank
Предметный указатель
blank
Реклама
blank
blank
HR
@Mail.ru
       © Электронная библиотека попечительского совета мехмата МГУ, 2004-2020
Электронная библиотека мехмата МГУ | Valid HTML 4.01! | Valid CSS! О проекте