Penetration Testing mailing list archives
True Source Code Analysis for Security
From: "Maty Siman" <maty () checkmarx com>
Date: Thu, 29 Oct 2009 17:34:13 +0200
Source Code Analysis has become the de facto choice to introduce secure development as well as gauge inherent software risk. The irony is that source code analysis doesn‘t often look at the source at all. In fact, the majority of the products are using Binary analysis or byte-code analysis (BCA) created by the compiler. This method saves a great deal of effort when developing the analysis tools, but lowers drastically the usability and accuracy of the results. This technical paper – with detailed code examples – from Checkmarx research labs, fills this gap and explains how developers, auditors and cloud platform providers benefit from the inherent advantages of true source code analysis tool. http://www.checkmarx.com/NewsDetails.aspx?id=27&cat=3 Maty Siman, CISSP Founder, CTO Checkmarx Ltd. www.checkmarx.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- True Source Code Analysis for Security Maty Siman (Nov 02)
- Re: True Source Code Analysis for Security John Kinsella (Nov 04)
- Re: True Source Code Analysis for Security Jason Ross (Nov 04)
- Re: True Source Code Analysis for Security Jason Ross (Nov 04)
- Re: True Source Code Analysis for Security John Kinsella (Nov 04)