static analysis Archives - Page 7 of 9

SQL Injection is So “2000-and-Late”

Posted on July 17, 2012 by Code Curmudgeon

I’m kind of surprised, or at least disappointed that we are still talking about SQL injection breaches. About a year ago I wrote about...

Top 10 User Mistakes with Static Analysis

Posted on April 12, 2012 by Code Curmudgeon

I recently attended the Static Analysis Tool Exposition (SATE) IV Workshopsponsored by NIST. The goals of SATE are to: Enable empirical research based on...

Software Security Conference on Thursday

Posted on March 27, 2012 by Code Curmudgeon

I’ll be speaking this Thursday at the SATE IV software security conference in McLean, VA. This is a free event open to the public...

Getting the Static out of your Analysis

Posted on December 9, 2011 by Code Curmudgeon

The other day I was talking to a colleague about setting up static analysis properly. I was on my usual soapbox about all the...

‹ Prev 1 … 5 6 7 8 9 Next ›

Definitioner

CAN (Controller Area Network): Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.
flow analysis: A form of static analysis that works by analyzing software by tracing data flows and paths that might be used when running the application. It can find weaknesses, but is subject to false positive results because the paths and data it finds my be improbable or impossible.
static analysis: Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.