Next week I’m doing a static analysis webinar for Parasoft about “Getting More ROI from Static Analysis” on Tuesday October 15th at 10:00 AM Pacific. What I’ve been seeing is that a lot of people either don’t know how to determine the value they’re getting from static code analysis, or aren’t actually getting the value they need.
I’ll talk about some ways to make sure that you can maximize the value as well as measure it. It’s 30 minutes and free as always. Join us.
A lack of time, resources, or training often makes getting beyond basic static analysis implementations difficult. Development managers and stakeholders may not even realize that their current static analysis configurations are leaving a wealth of untapped risk-reducing options on the table, which may lead to abandoning the critical software quality practice.
In this webinar, Parasoft Static Analysis Expert Arthur Hicken will discuss tips and tricks for getting more value from your static analysis. Drawing from his 20+ years of field experience, Arthur aka CodeCurmudgeon will offer advice on using policy to connect static analysis to your business needs at the process level, which ensures that you get a better return on your static code analysis investment, while avoiding common pitfalls.
[Update – even if you missed this webinar you can still watch the recording by going to the registration link.]
The abstract reads: The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Engineers are extremely well poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome.
The paper explores three ways to help development bear the burden of security that the cloud places on them:
Use penetration testing results to help engineers determine how to effectively “harden” the most vulnerable parts of the application.
Apply the emerging practice of “service virtualization” to provide engineers the test environment access needed to exercise realistic security scenarios from the development environment.
Implement policy-driven development to help engineers understand and satisfy management’s security expectations.
It’s an in-depth article with some practical suggestions for improving your code security in the cloud. If you’re not familiar with Crosstalk, it’s “The Journal of Defense Software Engineering” and is full of interesting articles but carries no advertising. Give it a try.
Just a reminder for those who aren’t aware – I maintain a list here I like to call the “SQL Injection Hall of Shame”. There was a quiet period at the first of the year, but now we seem to be back at it. I’ve added a couple of updates – one a large breach that was probably SQL injection and one a small one in healthcare that was for sure.
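To tie the two themes of these posts together (a static analysis rule that is actually connected to a business policy, and the SQL injection breaches that keep landing in the Hall of Shame), here is an added example, not code from the blog or from Parasoft, of a minimal static-analysis check written with Python's standard `ast` module. It flags database `execute()` calls whose SQL is assembled at runtime by concatenation or string formatting, and applies a small policy table (constructed for this example, with a made-up rule id `SQLI-001`) that decides whether a finding should fail the build. The sample source it scans is also constructed here.

```python
"""Added example: a tiny policy-driven static analysis rule for string-built SQL.

Not the blog's or Parasoft's code. The rule id, policy table and sample
source below are all constructed for illustration.
"""
import ast

# Hypothetical policy: which rules matter to the business, how severe they are,
# and whether a hit should block the build. A real policy would be much larger.
POLICY = {
    "SQLI-001": {"severity": "high", "fail_build": True},
}


def _is_dynamic_string(node):
    """True if the expression builds a string at runtime from other values."""
    if isinstance(node, ast.JoinedStr):  # f"..." with at least one {placeholder}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # "..." + x  or  "..." % x ; two literals joined together are harmless
        both_literal = isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant)
        return not both_literal
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True  # "...".format(x)
    return False


class SqlConcatChecker(ast.NodeVisitor):
    """Collects execute()/executemany() calls whose first argument is built dynamically."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        is_exec = (isinstance(node.func, ast.Attribute)
                   and node.func.attr in ("execute", "executemany"))
        if is_exec and node.args and _is_dynamic_string(node.args[0]):
            self.findings.append({
                "rule": "SQLI-001",
                "line": node.lineno,
                "message": "SQL statement built from runtime values; use bound parameters",
            })
        self.generic_visit(node)


def scan_source(src, policy=POLICY):
    """Parse Python source, run the rule, and apply the policy to the findings."""
    checker = SqlConcatChecker()
    checker.visit(ast.parse(src))
    findings = checker.findings
    for f in findings:
        f["severity"] = policy.get(f["rule"], {}).get("severity", "info")
    fail_build = any(policy.get(f["rule"], {}).get("fail_build", False) for f in findings)
    return {"findings": findings, "fail_build": fail_build}


# Constructed sample input: four unsafe patterns and one correct parameterized query.
SAMPLE = '''
def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")        # line 3: flagged
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")              # line 4: flagged
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)            # line 5: flagged
    cur.execute("SELECT * FROM users WHERE name = '{}'".format(user))      # line 6: flagged
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))             # line 7: parameterized, OK
'''

if __name__ == "__main__":
    report = scan_source(SAMPLE)
    for f in report["findings"]:
        print(f'line {f["line"]}: [{f["severity"]}] {f["rule"]} {f["message"]}')
    print("fail build:", report["fail_build"])
```

The useful part is not the rule itself but the split between detection and policy: the checker only reports what it sees, and the `POLICY` table is where a team decides which findings are worth breaking a build over. That is the connection between static analysis output and a business-level decision that the webinar abstract above is talking about.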