Secure Programming With Static Analysis

Software security is the practice of building software to be secure and function properly under malicious attack. This book is about one of software security’s most important practices: code review with a static analysis tool.
In my book Software Security, I introduce a set of seven best practices called touchpoints. Putting software security into practice requires making some changes to the way most organizations build software. The good news is that these changes don’t need to be fundamental, earth-shattering, or cost-prohibitive. In fact, adopting a straightforward set of engineering best practices, designed in such a way that security can be interleaved into existing development processes, is often all it takes.
The book is not a guide to using security features, frameworks, or APIs. We do not discuss the Java Security Manager, advanced cryptographic techniques, or the right approach to identity management. Clearly, these are important topics. They are so important, in fact, that they warrant books of their own. Our goal is to focus on things unrelated to security features that put security at risk when they go wrong.
This book is written for people who have decided to make software security a priority. We hope that programmers, managers, and software architects will all benefit from reading it. Although we do not assume any detailed knowledge about software security or static analysis, we cover the subject matter in enough depth that we hope professional code reviewers and penetration testers will benefit, too. We do assume that you are comfortable programming in either C or Java, and that you won’t be too uncomfortable reading short examples in either language. Some chapters are slanted more toward one language than another. For instance, the examples in the chapters on buffer overflow are written in C.
TABLE OF CONTENTS:
Chapter 01 - The Software Security Problem
Chapter 02 - Introduction to Static Analysis
Chapter 03 - Static Analysis as Part of the Code Review Process
Chapter 04 - Static Analysis Internals
Chapter 05 - Handling Input
Chapter 06 - Buffer Overflow
Chapter 07 - Bride of Buffer Overflow
Chapter 08 - Errors and Exceptions
Chapter 09 - Web Applications
Chapter 10 - XML and Web Services
Chapter 11 - Privacy and Secrets
Chapter 12 - Privileged Programs
Chapter 13 - Source Code Analysis Exercises for Java
Chapter 14 - Source Code Analysis Exercises for C
Download from Rapidshare
or
Download from Mihd
Password: ganelon
January 12th, 2008 21:35
New Rapidshare link: http://rapidshare.com/files/83198940/spwsa.rar (password: ganelon)