Главная    Ex Libris    Книги    Журналы    Статьи    Серии    Каталог    Wanted    Загрузка    ХудЛит    Справка    Поиск по индексам    Поиск    Форум   

Поиск по указателям

Chess B., West J., McGraw G. — Secure Programming with Static Analysis
Chess B., West J., McGraw G. — Secure Programming with Static Analysis

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Secure Programming with Static Analysis

Авторы: Chess B., West J., McGraw G.


To secure complex enterprise and commercial software systems, developers must evaluate enormous code bases and predict their behavior in a nearly infinite number of configurations. Static source code analysis tools automate much of this checking, acting like spell-checkers to systematically identify bugs. Now, there’s a complete guide to static analysis: how it works, how to integrate it into your software development processes, and how to make the most of it in security code review.

Static analysis experts Brian Chess and Jacob West review the pervasive security flaws impacting large-scale software, as well as problems affecting specific program types and features. Then, using extensive Java and C++ code examples, they show how to use static analysis to rapidly uncover these problems. Coverage includes:

· Why conventional bug-catching often misses security problems

· 100 best practices for designing and writing secure code

· 80 serious security vulnerabilities, with specific solutions

· Handling untrustworthy input

· Eliminating buffer overflows: tactical and strategic approaches

· Avoiding flaws specific to Web applications, services, and HTTP

· Securing software that interfaces with outside systems

· Security-aware logging, debugging, and error/exception handling

· Safely writing programs with different privileges than their users

Whatever your role in building more secure software—developer, security engineer, analyst, or tester—this book will put powerful new tools at your command.

Brian Chess is Founder and Chief Scientist of Fortify Software, where his research focuses on practical methods for creating secure systems. He holds a Ph.D. in Computer Engineering from University of California at Santa Cruz, where he studied the application of static analysis to finding security-related code defects.

Jacob West, Manager of Fortify’s Security Research Group, is responsible for building security knowledge into the company’s products. He brings expertise in multiple programming languages, frameworks, and styles, and deep knowledge about how systems fail. West worked with Professor David Wagner at University of California, Berkeley to develop an advanced static analysis tool for discovering security vulnerabilities.

Язык: en

Рубрика: Технология/

Статус предметного указателя: Неизвестно

ed2k: ed2k stats

Год издания: 2007

Количество страниц: 587

Добавлена в каталог: 16.10.2007

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID
Предметный указатель
       © Электронная библиотека попечительского совета мехмата МГУ, 2004-2020
Электронная библиотека мехмата МГУ | Valid HTML 4.01! | Valid CSS! О проекте