Data Flow Static Code Analysis Best Practices


Introduction

This paper examines why and how to add flow analysis to your existing testing strategies. After introducing the general concept and benefits of flow analysis, it explains how flow analysis can be performed using Parasoft BugDetective technology, and demonstrates how it can be applied to bolster both your static analysis and unit testing efforts.

Static Code Flow Analysis - Background

The term static code analysis means different things to different people in the software industry. There seem to be two main static analysis approaches: (1) program execution or flow-based analysis and (2) pattern-based analysis. For program execution adherents, static analysis means trying to logically execute the program, sometimes symbolically, to uncover code problems such as memory corruption, leaks, and exceptions. This type of testing largely focuses on identifying code problems without creating test cases. It provides developers with the "instant feedback" they need to quickly address defects and security vulnerabilities on the desktop while they are still working on the code and it is fresh in their minds, and it prevents defects and vulnerabilities from making their way further downstream in the software development process, which is where they are much more expensive to identify and remediate.

Parasoft Static Analysis and BugDetective Technology

Parasoft's static analysis technologies support both flow-based static analysis and pattern-based static analysis. Parasoft's flow-based static analysis technology, called BugDetective, provides effortless early detection of runtime problems and application instabilities (such as NullPointerExceptions, SQL and other injections, resource leaks, and inefficient iterator usage for Java) in paths that span multiple methods, classes, or packages. Parasoft BugDetective technology is available in Parasoft Jtest (for Java code), C++test (for C and C++ code), and .TEST (for .NET code).

This paper focuses on BugDetective as it is implemented in Jtest, but the same general concepts and principles apply to all implementations of BugDetective. By automatically tracing and simulating execution paths through even the most complex applications (those with paths that span multiple methods, classes, and/or packages and contain dozens of sequence calls), BugDetective exposes defects that would be very difficult and time-consuming to find through manual testing or inspections, and would be exponentially more costly to fix if they were not detected until runtime. Using BugDetective, developers can find, diagnose, and fix classes of software errors that can evade pattern-based static analysis and/or unit testing. Exposing these defects early in the software development lifecycle saves hours of diagnosis and potential rework.

BugDetective static analysis has two applications within Parasoft Jtest:

1. It is used as a part of Jtest's static analysis to identify flow-based defects in the code as described above.
2. It is used in cooperation with Jtest's unit testing to validate whether exceptions reported in the course of unit testing could actually be triggered by real application paths.

Benefits of Using BugDetective

Using BugDetective, development teams gain the following key benefits:

- Perform more comprehensive testing with existing resources: BugDetective complements other testing techniques by allowing you to find problems that would otherwise require the development, execution, and maintenance of complex test cases. BugDetective investigates various branching possibilities in a program, providing a level of path coverage that is difficult to accomplish with traditional testing. As a result, BugDetective often identifies problems that occur while handling rare situations that are typically not covered during testing. Moreover, if the code functionality changes, you can search for defects in the modified version without updating or regenerating test cases.
- Automatically identify defects that pass through multiple classes: Traditional automated unit test generation helps you identify the defects within a class. This is critical. Most developers have performed thorough testing on a class, corrected all apparent problems, integrated the code, then later encountered problems, such as NullPointerExceptions, that took days to diagnose because they resulted from an obscure or complex execution path that passed through multiple methods or even multiple packages. Using BugDetective, the same problem could be identified in seconds.
- Focus on actual defects and misuses: BugDetective automatically identifies data-dependent or flow-dependent defects with reasonable certainty. In most cases, BugDetective's reported violations indicate actual misuses (as opposed to the possible/hypothetical misuses that might be reported during unit testing).

For example, BugDetective would not report a violation for the following code unless there was a method in the source code calling strlen and passing it a null value, but unit testing would report a problem regardless by passing null to the strlen method in the test:

    public int strlen(String str) {
        return str.length();
    }

In the Trenches with BugDetective

BugDetective's unique breed of static analysis determines whether an application's execution paths match suspicious behavior profiles, which are implemented as rules. For each defect found, a hierarchical flow path details the complete execution path that leads to the identified defect, ending with the exact line of code where the bug manifests itself. To reduce the time and effort required to diagnose and correct each problem found, flow path details are supplemented with extensive annotations (for example, a NullPointerException violation description contains annotations describing which variables contain null values at each point in the flow path).

To make the analysis process more flexible and tailored to your unique project needs, some rules can be parameterized. As a result, BugDetective can even be used to detect violations bound to usage of very specific APIs.

Understanding Flow Paths

In the Jtest GUI, each BugDetective violation is represented by a hierarchical flow path that precisely describes the code that leads to the identified problem. Each element in the path is a line of code that is executed during runtime. If a flow path has a call to a method, the element representing that method call is a node whose sub-nodes represent execution flow within the called method. The final element in the execution path is always the point where the bug manifests itself. The complete path is presented in order to explain why there is a bug at the final point.

Flow path elements are marked with icons that help explain exception handling behavior. If a path has a call to a method that happens to throw an exception on that path, the path element corresponding to the method call is marked by a red sphere. This red sphere indicates that the flow proceeds to a catch or finally block instead of proceeding as normal.

Each element in the flow path has a tool tip that describes the variables related to the violation. For example, a NullPointerException violation description contains annotations describing which variables contain null values at each point in the flow path. To view a tool tip for a flow path element, place your cursor over it. If you want to navigate through the code related to a reported execution path, use the Next Violation Element and Previous Violation Element buttons in the Jtest view toolbar.

Understanding and Accessing the Violation Origin and Violation Point

The violation itself is represented by an execution path with two marked points:

- Violation origin. This is the "source" of the violation. Normally this is the point which is the source of the "bad data." For instance, in the NullPointerException rule, the violation origin is the source of the null value.
- Violation point. This is the point of "bad data" usage which normally results in a bug in the program. For the NullPointerException rule, this is the point where the variable with the null value is dereferenced.

You can easily access the violation origin and violation point by right-clicking a reported violation (the node with the yellow caution icon), then choosing the appropriate command from the shortcut menu (either Show Violation Origin or Show Violation Point). For example, a "Null pointer exception" rule violation has the commands Show Violation Origin (Point of Null Assignment) and Show Violation Point (NullPointerException Point) in order to help you understand why the exception may occur in the code.
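The origin/point pair and the flow path between them can be reproduced with a small path-sensitive null tracker. This is an added example, not Parasoft code and not part of the original paper: the two modelled methods are constructed after the falsepositive2/truepositive2 pair in the paper's sample class (the dereference under the second `if` is an assumption), and the statement encoding and function names are hypothetical.

```python
# Added illustration (not Parasoft code): path-sensitive null tracking.
# Statement forms, each starting with a source line number:
#   (line, "assign", var, "null" | "new")
#   (line, "if", flag, wanted_value, body)   # body runs when flag == wanted_value
#   (line, "deref", var)

# Constructed model: the second test repeats the first, so x is non-null there.
FALSE_POSITIVE_2 = [
    (1, "assign", "x", "null"),                          # x = null;
    (2, "if", "b", True, [(2, "assign", "x", "new")]),   # if (b) x = new Object();
    (3, "if", "b", True, [(3, "deref", "x")]),           # if (b) return x.hashCode();
]

# Constructed model: the second test is the negation, so x is null there.
TRUE_POSITIVE_2 = [
    (1, "assign", "x", "null"),                          # x = null;
    (2, "if", "b", True, [(2, "assign", "x", "new")]),   # if (b) x = new Object();
    (3, "if", "b", False, [(3, "deref", "x")]),          # if (!b) return x.hashCode();
]


def _extend(path, line):
    """Append a line to the flow path unless it repeats the previous element."""
    return path if path and path[-1] == line else path + [line]


def analyze(method, path_sensitive=True):
    """Walk every path through `method` and report null dereferences.

    Each violation records the violation origin (line of the null assignment),
    the violation point (line of the dereference), the flow path between them,
    and the branch assumptions under which the path is feasible.
    With path_sensitive=False the walker forgets how earlier branches went,
    so it also explores paths that cannot happen at runtime.
    """
    violations = []

    def run(stmts, nulls, flags, path):
        if not stmts:
            return
        stmt, rest = stmts[0], stmts[1:]
        line, op = stmt[0], stmt[1]
        path = _extend(path, line)
        if op == "assign":
            var, value = stmt[2], stmt[3]
            nulls = dict(nulls)
            if value == "null":
                nulls[var] = line          # remember where the null came from
            else:
                nulls.pop(var, None)       # variable is non-null from here on
            run(rest, nulls, flags, path)
        elif op == "deref":
            var = stmt[2]
            if var in nulls:
                violations.append({"origin": nulls[var], "point": line,
                                   "path": path, "assumed": dict(flags)})
                return                     # the exception ends this path
            run(rest, nulls, flags, path)
        else:  # "if"
            flag, wanted, body = stmt[2], stmt[3], stmt[4]
            if path_sensitive and flag in flags:
                outcomes = [flags[flag] == wanted]   # branch already decided
            else:
                outcomes = [True, False]             # fork on an unknown flag
            for taken in outcomes:
                assumed = dict(flags)
                if path_sensitive:
                    assumed[flag] = wanted if taken else (not wanted)
                run((body if taken else []) + rest, nulls, assumed, path)

    run(method, {}, {}, [])
    return violations


if __name__ == "__main__":
    for name, model in (("falsepositive2", FALSE_POSITIVE_2),
                        ("truepositive2", TRUE_POSITIVE_2)):
        print(name, "path-sensitive:  ", analyze(model))
        print(name, "path-insensitive:", analyze(model, path_sensitive=False))
```

Run with `path_sensitive=False`, the same walker reports the constructed falsepositive2 model as well, which is the kind of noise a flow analysis avoids by keeping branch conditions consistent along a path.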

Running BugDetective Static Flow Analysis

In its primary application, BugDetective can be used as a part of Jtest static analysis to statically simulate execution paths through an application and to look for vulnerabilities by analyzing these paths. The depth of the analysis can be decreased for a faster analysis and can be increased for a more thorough and in-depth analysis.

To better understand the types of defects that BugDetective flow analysis can expose, consider how Jtest's BugDetective analysis can be applied to sample Java classes. One sample class involves a class instance field that can be null (Example 1, TestField class) and the second one involves the same class with a local variable that can be null (Example 2, TestLocal class). Both classes call a LocalHelper class. The goal is to demonstrate how BugDetective handles (1) intraprocedural calls, and (2) inter-procedural calls (a) within one class and (b) which cross class boundaries.

Both of the examples contain instance field and local variable variations of the same defects. The methods named falsePositive contain false positives and the methods named truePositive contain true positives. BugDetective flags the following defects in the two sample files:

    Method Name        TestField.java    TestLocal.java
    falsePositive1     X                 X
    falsePositive2     X                 X
    falsePositive3     X                 X
    falsePositive4     X                 X
    iFalsePositive1    X                 X
    truePositive1
    truePositive2
    truePositive3
    truePositive4
    truePositive5
    truePositive6
    iTruePositive1
    iTruePositive2
    iTruePositive3

Example 1

    public class TestFields {
        Object x;

        TestFields(Object x) {
            this.x = x;
        }

        int falsePositive1(int level) {
            x = null;
            if (level > 0) x = new Object();
            if (level > 4) return x.hashCode();
        }

        int truePositive1(int level) {
            x = null;
            if (level > 0) x = new Object();
            if (level < 4) return x.hashCode();
        }

        int falsePositive2(boolean b) {
            x = null;
            if (b) x = new Object();
            if (b)
                // [statement missing in source]
        }

        int truePositive2(boolean b) {
            x = null;
            if (b) x = new Object();
            if (!b)
                // [statement missing in source]
        }

        int falsePositive3(boolean b) {
            Object y = null;
            if (x != null) y = new Object();
            if (y != null)
                // [statement missing in source]
        }

        int truePositive3(boolean b) {
            Object y = null;
            if (x != null) y = new Object();
            if (y != null)
                // [statement missing in source]
        }

        int falsePositive4(boolean a, boolean b) {
            x = null;
            Object y = null;
            if (a) x = "x";
            if (b) y = "y";
            if (y != null) return x.hashCode() + y.hashCode();
            return 0;
        }

        int truePositive4(boolean a, boolean b) {
            x = null;
            Object y = null;
            if (a) x = "x";
            if (b) y = "y";
            if (y != null)
                // [statement missing in source]
        }

        int truePositive5() {
            if (x == null) return x.hashCode();
        }

        int truePositive6() {
            if (x == null) {
                Object y = x;
                return y.hashCode();
            }
        }

        int iFalsePositive1(boolean b) {
            x = null;
            if (!b) x = new Object();
            return LocalHelper.helper1(x, b);
        }

        int iTruePositive1(boolean b) {
            x = null;
            if (b) x = new Object();
            return LocalHelper.helper1(x, b);
        }

        int iTruePositive2() {
            x = null;
            return LocalHelper.helper2(x);
        }

        int iTruePositive3(boolean b) {
            x = null;
            if (b) x = "x";
            return LocalHelper.helper3(x);
        }
    }

Example 2

    public class TestLocal {
        int falsePositive1(int level) {
            // [statement missing in source]
            if (level > 0) x = new Object();
            if (level > 4) return x.hashCode();
        }

        int truePositive1(int level) {
            // [statement missing in source]
            if (level > 0) x = new Object();
            if (level < 4) return x.hashCode();
        }

        int falsePositive2(boolean b) {
            // [statement missing in source]
            if (b) x = new Object();
            if (b)
                // [statement missing in source]
        }

        int truePositive2(boolean b) {
            // [statement missing in source]
            if (b) x = new Object();
            if (!b)
                // [statement missing in source]
        }

        int falsePositive3(Object x, boolean b) {
            Object y = null;
            if (x != null) y = new Object();
            if (y != null)
                // [statement missing in source]
        }

        int truePositive3(Object x, boolean b) {
            Object y = null;
            if (x != null) y = new Object();
            if (y != null)
                // [statement missing in source]
        }

        int falsePositive4(boolean a, boolean b) {
            // [statement missing in source]
            Object y = null;
            if (a) x = "x";
            if (b) y = "y";
            if (y != null)
                // [statement missing in source]
        }

        int truePositive4(boolean a, boolean b) {
            // [statement missing in source]
            Object y = null;
            if (a) x = "x";
            if (b) y = "y";
            if (y != null)
                // [statement missing in source]
        }

        int truePositive5(Object x) {
            if (x == null) {
                // [statement missing in source]
            }
        }

        int truePositive6(Object x) {
            if (x == null) {
                Object y = x;
                return y.hashCode();
            }
        }

        int iFalsePositive1(boolean b) {
            // [statement missing in source]
            if (!b) x = new Object();
            return LocalHelper.helper1(x, b);
        }

        int iTruePositive1(boolean b) {
            // [statement missing in source]
            if (b) x = new Object();
            return LocalHelper.helper1(x, b);
        }

        int iTruePositive2() {
            return LocalHelper.helper2(null);
        }

        int iTruePositive3(boolean b) {
            // [statement missing in source]
            if (b) x = "x";
            return LocalHelper.helper3(x);
        }
    }

    public class LocalHelper {
        // Bug when x is null and b is false
        public static int helper1(Object x, boolean b) {
            if (b)
                // [statement missing in source]
        }

        public static int helper2(Object x) {
            // [statement missing in source]
        }

        public static int helper3(Object x) {
            // [statement missing in source]
        }
    }

All false positives are marked in blue and all true positives are marked in green. X indicates that Jtest BugDetective did not report a violation in the method and indicates that Jtest did report a violation in that method.

Taking a closer look at the results, notice that BugDetective flagged no false positives in these examples. As Parasoft was developing BugDetective, one of our main goals was to ensure that the level of noise (with respect to reporting of false positives) was minimal, even if this meant that fewer defects would be reported. In this specific case, all ten of the false positives were not reported; this is a very good result, and it shows how this design decision manifests itself in BugDetective.

Along those lines, BugDetective considers the defects in the truePositive3 method to be false positives even though other technologies may report them as true errors. Consider the following code from the TestFields class:

    Object x; //NPE origin

    TestFields(Object x) {
        this.x = x;
    }

    int truePositive3(boolean b) {
        Object y = null;
        if (x != null) y = new Object();
        if (y != null)
            // [statement missing in source] //NPE
    }

The instance variable x is initially initialized to null, but it gets reassigned to the value of argument x in the constructor call. Jtest BugDetective does not flag this violation because when simulating execution paths through the code, it sees a potential violation point on the path (the line marked with //NPE) but it does not see a path from the violation origin statement (the line marked with //NPE origin) to that line without going through a constructor.

Jtest BugDetective does not flag this violation because it didn't find a path in the source code that contains the following sequence of steps:

    TestFields tf = new TestFields();
    tf.truePositive3(true false);

Nor did it find a path such as this:

    TestFields tf = new TestFields(null);
    tf.truePositive3(true false);

However, assume that the following method is added to the TestFields class:

    void callerTruePositive3() {
        TestFields tf = new TestFields(null);
        tf.truePositive3(true);
    }

Jtest BugDetective now flags this violation since it sees the violation origin and violation point, as well as a code path that leads from one to the other.

If the callerTruePositive3 method is not in the code, Jtest would not flag the violation in truePositive3 unless it was assuming that the field x can possibly be null (rather than looking for the explicit path). If you enable an extra configuration option for Jtest BugDetective's Avoid NullPointerExceptions rule, BugDetective will make this assumption and flag the violation; however, this option is not enabled by default since it flags what we consider to be false positives.

Moreover, even though BugDetective does not flag this violation by default, Jtest's unit testing will report this defect as a unit testing defect; code similar to that in the callerTruePositive3 method exists in Jtest's automatically-generated JUnit test case for the truePositive3 method. This is discussed in the following section.

Using BugDetective in Cooperation with Jtest Unit Testing

BugDetective can also be used to check whether reported exceptions could actually be triggered by real application paths. If a reported exception is validated by BugDetective, its severity level is elevated, and it is specially marked in the Jtest view. This helps users determine whether reported exceptions are real defects.

If you configure Jtest to validate exceptions with BugDetective, Jtest will automatically collect the runtime exceptions reported from test case execution, then use BugDetective to try to determine if they can really occur when the code is executed.

For example, assume that you have an application A which has a module M with a class C. Also assume that when Jtest automatically generated unit test cases for each of the classes in the application, Jtest's test cases for class C revealed a number of runtime exceptions. Each of these exceptions could indicate one of two things:

- There is a defect in class C because it should properly handle the input supplied by the test case.
- Class C is not designed to handle data supplied by the test case and should not be passed that data.

With exception validation enabled, Jtest can distinguish between these two categories of reported exceptions. This way, you can instantly tell if a reported exception is a real defect without having to analyze the code.

The value of the cooperation between BugDetective and Jtest unit testing is highlighted in the following four scenarios:

- Exceptions reported by unit testing will be filtered out when BugDetective cannot find a path in the actual code where the test case conditions could really occur. At the same time, it will raise the severity of reported unit testing exceptions if it can find an actual path in the code that validates that exception.
- BugDetective flags a false positive, but the false positive is filtered out during unit testing due to a lack of confirming unit tests.
- Unit testing points to suspicious places in the code, and BugDetective (based on that information) performs a more exhaustive analysis of those places than it would in a regular BugDetective run. This allows Jtest to find more defects than would have been detected by BugDetective alone.
- BugDetective finds violation paths that it cannot determine whether to report (according to its heuristics), but then these defects are reported because unit testing flags the same paths.

Unit testing exceptions that were validated with BugDetective will be marked with a red shadow in the Jtest view, and their severity level will also be elevated by the degree specified in the Test Configuration's Execution > Severities tab. This allows customers to configure reporting of exceptions to suit their own environment and applications.

Unit testing exceptions validated by BugDetective point to actual defects, and should be corrected. Exceptions that were checked with BugDetective, but not validated, indicate that the class is not designed to handle the data that was supplied by the test case and should not be passed that data. Contracts should be added to specify that such data is not permitted.

Example 3

    public class SimpleNeverHappenedAndNotAcknowledgeByBD {

        private class Name {
            String _name;

            Name(String name) {
                _name = name;
            }

            public String toString() {
                return _name;
            }
        }

        Name _objectName;

        public String getName() {
            return _objectName.toString();
        }

        void initialize(String name) {
            _objectName = new Name(name);
        }

        public static void main(String[] args) {
            /**
            SimpleNeverHappenedAndNotAcknowledgeByBD obj = new SimpleNeverHappenedAndNotAcknowledgeByBD();
            System.out.println(obj.getName()); //NPE
            */
        }
    }

BugDetective Promotes Exceptions Reported by Unit Testing

Example 3 demonstrates how exceptions reported by unit testing are promoted by BugDetective. First, we ran the built-in BugDetective Test Configuration on Example 3, then we ran the built-in Generate and Execute Unit Tests Test Configuration, then we ran a user-defined Generate and Execute Unit Tests Test Configuration that had BugDetective validation enabled.

With the code in the main() method commented out, BugDetective does not report any defects because there is no place in the code where getName() is called before initialize() is called.

When unit testing is performed with the built-in Generate and Execute Unit Tests Test Configuration, Jtest reports one java.lang.NullPointerException. The test case for the NullPointerException is:

    public void testGetName5() throws Throwable {
        SimpleNeverHappenedAndNotAcknowledgeByBD testedObject = new SimpleNeverHappenedAndNotAcknowledgeByBD();
        String result = testedObject.getName();
        // NullPointerException thrown
        // at example.a.SimpleNeverHappenedAndNotAcknowledgeByBD.getName(SimpleNeverHappenedAndNotAcknowledgeByBD.java:36)
        // jtest_unverified
    }

When unit testing is performed with the user-defined Generate and Execute Unit Tests Test Configuration with BugDetective validation enabled, Jtest reports exactly the same results. In this case, that is expected. Since BugDetective found no violation paths in this example, no unit testing exceptions could be promoted.
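The promotion rule that Example 3 illustrates can be written down as a check of a test's exception against the call sequences that actually occur in application code. This is an added sketch, not Jtest's implementation and not part of the original paper: the field-effect model of the class is constructed after Example 3, and the function names, the `<init>` label and the status strings are assumptions.

```python
# Added illustration (not Jtest code): validating a unit-test NPE against
# call sequences found in application code.

# Constructed model: the effect of each method on the object's fields.
METHODS = {
    "<init>":     [("assign", "_objectName", "null")],  # field left at its default
    "initialize": [("assign", "_objectName", "new")],   # _objectName = new Name(name)
    "getName":    [("deref", "_objectName")],           # _objectName.toString()
}


def first_null_deref(calls, methods=METHODS):
    """Simulate `calls` on one fresh object.

    Returns (method, field, origin) for the first dereference of a null field,
    where origin is the method that left the field null, or None if the
    sequence never dereferences null.
    """
    null_since = {}  # field -> method that last left it null
    for method in calls:
        for op, field, *value in methods[method]:
            if op == "assign":
                if value[0] == "null":
                    null_since[field] = method
                else:
                    null_since.pop(field, None)
            elif op == "deref" and field in null_since:
                return (method, field, null_since[field])
    return None


def validate(test_calls, app_sequences, methods=METHODS):
    """Classify the exception produced by a generated test.

    "validated":    an application call sequence reaches the same dereference
    "unverified":   only the test's own call sequence reaches it
    "no exception": the test sequence never dereferences null
    The second element is the application sequence used as evidence, if any.
    """
    thrown = first_null_deref(test_calls, methods)
    if thrown is None:
        return ("no exception", None)
    for seq in app_sequences:
        if first_null_deref(seq, methods) == thrown:
            return ("validated", seq)
    return ("unverified", None)


if __name__ == "__main__":
    generated_test = ["<init>", "getName"]   # what the generated test does
    # main() commented out: the application never calls getName() at all.
    print(validate(generated_test, []))
    # A caller that initializes first does not confirm the exception.
    print(validate(generated_test, [["<init>", "initialize", "getName"]]))
    # main() present: the application itself calls getName() on a fresh object.
    print(validate(generated_test, [["<init>", "getName"]]))
```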

Now, let's repeat the same test with the main() method uncommented. BugDetective alone reports a possible NullPointerException on line 13, which is marked with // NPE. Unit testing with the built-in Generate and Execute Unit Tests Test Configuration generates two more test cases, one of which causes another NullPointerException. That test case is listed below.

    public void testMain1() throws Throwable {
        String[] strings = new String[] {};
        SimpleNeverHappenedAndNotAcknowledgeByBD.main(strings);
        // NullPointerException thrown
        // at example.a.SimpleNeverHappenedAndNotAcknowledgeByBD.getName(SimpleNeverHappenedAndNotAcknowledgeByBD.java:36)
        // at example.a.SimpleNeverHappenedAndNotAcknowledgeByBD.main(SimpleNeverHappenedAndNotAcknowledgeByBD.java:50)
        // jtest_unverified
    }

Running unit testing with the user-defined Generate and Execute Unit Tests Test Configuration with BugDetective validation enabled indeed increases the severity of both unit test cases that were reporting NullPointerExceptions. In each case, this is because BugDetective finds an actual path leading to the NullPointerException. In a large code base, this promotion process would typically make it significantly easier to zero in on the real bugs and focus resources accordingly.

Example 4

    public class BDBogusNotApprovedByUT {
        private boolean B = true;

        BDBogusNotApprovedByUT() {
            B = false;
        }

        public void test() {
            Object o = null;
            if (B) {
                o.toString(); //NPE
            }
            {
                // we should go into this method (violation search method analysis guide)
                // CallFromAnotherFile.methodWithNpe(o);
            }
        }
    }

Unit Testing and BugDetective in Cooperation Filter Out Exceptions Reported by BugDetective

One could argue about the value of BugDetective filtering, since BugDetective was already catching this NullPointerException. Therefore, let's look at an example (Example 4) in which BugDetective reports a false positive on its own, but no defects are reported when BugDetective works in cooperation with unit testing.

BugDetective triggers a warning on line 17, which is marked with //NPE. This is because BugDetective can see that field B is set to true, and it does not realize that the default constructor sets field B to be false before the test() method is called. Unit testing on its own does not report any exceptions, and hence unit testing with BugDetective validation enabled does not report any exceptions either. Therefore, even though BugDetective by itself reports this false positive, it is filtered out when BugDetective works in cooperation with unit testing.

This is a very simple example and one can claim that such a case should be fixed. Perhaps, but there are many possibilities where BugDetective's heuristics can make a mistake and report a false positive. In such cases, unit testing can successfully be used to either validate or filter out these exceptions.

Conclusion

The unique breed of flow analysis that BugDetective provides helps software development teams find critical runtime bugs without executing code, as well as validate whether exceptions exposed by unit test cases are real bugs that could actually surface in the field. BugDetective exposes bugs that would often evade pattern-matching static analysis and unit testing, yet would be very difficult and time-consuming to find through manual testing or inspections.

When BugDetective is applied as part of a comprehensive regression test suite that also includes pattern-matching static analysis, unit testing, in-container testing (for Java), API testing, module testing, and so forth, it helps development teams to:

- Modify existing code quickly, and with confidence: By enabling teams to quickly build a regression safety net that will expose defects immediately upon introduction and determine if code modifications break existing functionality, even if the team has a large existing code base with no tests or minimal tests.
- Control development costs and schedules: By exposing errors as early as possible, which is when they are fastest and cheapest to fix, and by testing a broad range of potential user paths to uncover difficult-to-find problems that could delay releases or require post-release patches.
- Optimize development resources: By automatically vetting approximately 80% of coding issues so developers can spend less time on line-by-line inspections and debugging, and more time on design, algorithms, and implementation.
- Leverage the power of the latest technologies while controlling their risks: By reducing the difficulty of testing complex enterprise applications (such as SOA/Web services and Java EE applications).
- Gain instant visibility into Java code's quality and readiness: By providing on-demand objective code assessments and tracking progress towards quality and schedule targets.

Learning More

Parasoft BugDetective is available with Parasoft Jtest, C++test, and .TEST. To learn more about Parasoft BugDetective, contact Parasoft as described below, or visit

About Parasoft

For 20 years, Parasoft has investigated how and why software errors are introduced into applications. Our solutions leverage this research to deliver quality as a continuous process throughout the SDLC. This promotes strong code foundations, solid functional components, and robust business processes. Whether you are delivering Service-Oriented Architectures (SOA), evolving legacy systems, or improving quality processes, draw on our expertise and award-winning products to increase productivity and the quality of your business applications. For more information visit:

Contacting Parasoft

USA
101 E. Huntington Drive, 2nd Floor
Monrovia, CA
Toll Free: (888) Tel: (626)


More information

White Paper 6 Steps to Enhance Performance of Critical Systems

White Paper 6 Steps to Enhance Performance of Critical Systems White Paper 6 Steps to Enhance Performance of Critical Systems Despite the fact that enterprise IT departments have invested heavily in dynamic testing tools to verify and validate application performance

More information

CS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions

CS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions CS 2112 Spring 2014 Assignment 3 Data Structures and Web Filtering Due: March 4, 2014 11:59 PM Implementing spam blacklists and web filters requires matching candidate domain names and URLs very rapidly

More information

Best Practices for Verification, Validation, and Test in Model- Based Design

Best Practices for Verification, Validation, and Test in Model- Based Design 2008-01-1469 Best Practices for Verification, Validation, and in Model- Based Design Copyright 2008 The MathWorks, Inc. Brett Murphy, Amory Wakefield, and Jon Friedman The MathWorks, Inc. ABSTRACT Model-Based

More information

Minimizing code defects to improve software quality and lower development costs.

Minimizing code defects to improve software quality and lower development costs. Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari

More information

Countering The Faults Of Web Scanners Through Byte-code Injection

Countering The Faults Of Web Scanners Through Byte-code Injection Countering The Faults Of Web Scanners Through Byte-code Injection Introduction Penetration testing, web application scanning, black box security testing these terms all refer to a common technique of probing

More information

Software Engineering Techniques

Software Engineering Techniques Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary

More information

CHAPTER 10: WEB SERVICES

CHAPTER 10: WEB SERVICES Chapter 10: Web Services CHAPTER 10: WEB SERVICES Objectives Introduction The objectives are: Provide an overview on how Microsoft Dynamics NAV supports Web services. Discuss historical integration options,

More information

How Virtual Compilation Transforms Code Analysis

How Virtual Compilation Transforms Code Analysis How Virtual Compilation Transforms Code Analysis 2009 Checkmarx. All intellectual property rights in this publication are owned by Checkmarx Ltd. and are protected by United States copyright laws, other

More information

SilkTest Workbench. Getting Started with.net Scripts

SilkTest Workbench. Getting Started with.net Scripts SilkTest Workbench Getting Started with.net Scripts Borland Software Corporation 4 Hutton Centre Dr., Suite 900 Santa Ana, CA 92707 Copyright 2010 Micro Focus (IP) Limited. All Rights Reserved. SilkTest

More information

Transaction Monitoring Version 8.1.3 for AIX, Linux, and Windows. Reference IBM

Transaction Monitoring Version 8.1.3 for AIX, Linux, and Windows. Reference IBM Transaction Monitoring Version 8.1.3 for AIX, Linux, and Windows Reference IBM Note Before using this information and the product it supports, read the information in Notices. This edition applies to V8.1.3

More information

Static Code Analysis Procedures in the Development Cycle

Static Code Analysis Procedures in the Development Cycle Static Code Analysis Procedures in the Development Cycle Tools, Technology, and Process in Engineering at Microsoft Mooly Beeri Microsoft Haifa R&D Center Agenda Static code analysis tools PREfix and PREfast

More information

IBM Operational Decision Manager Version 8 Release 5. Getting Started with Business Rules

IBM Operational Decision Manager Version 8 Release 5. Getting Started with Business Rules IBM Operational Decision Manager Version 8 Release 5 Getting Started with Business Rules Note Before using this information and the product it supports, read the information in Notices on page 43. This

More information

Software Tests with Faktor-IPS Gunnar Tacke, Jan Ortmann (Dokumentversion 203)

Software Tests with Faktor-IPS Gunnar Tacke, Jan Ortmann (Dokumentversion 203) Software Tests with Faktor-IPS Gunnar Tacke, Jan Ortmann (Dokumentversion 203) Overview In each software development project, software testing entails considerable expenses. Running regression tests manually

More information

DiskBoss. File & Disk Manager. Version 2.0. Dec 2011. Flexense Ltd. www.flexense.com info@flexense.com. File Integrity Monitor

DiskBoss. File & Disk Manager. Version 2.0. Dec 2011. Flexense Ltd. www.flexense.com info@flexense.com. File Integrity Monitor DiskBoss File & Disk Manager File Integrity Monitor Version 2.0 Dec 2011 www.flexense.com info@flexense.com 1 Product Overview DiskBoss is an automated, rule-based file and disk manager allowing one to

More information

Generating Automated Test Scripts for AltioLive using QF Test

Generating Automated Test Scripts for AltioLive using QF Test Generating Automated Test Scripts for AltioLive using QF Test Author: Maryam Umar Contents 1. Introduction 2 2. Setting up QF Test 2 3. Starting an Altio application 3 4. Recording components 5 5. Performing

More information

Service Virtualization Implementation Strategies

Service Virtualization Implementation Strategies Service Virtualization Implementation Strategies The Business Benefits of Service Virtualization No matter what industry you're in, software is increasingly becoming the interface to your business. Organizations

More information

tools that make every developer a quality expert

tools that make every developer a quality expert tools that make every developer a quality expert Google: www.google.com Copyright 2006-2010, Google,Inc.. All rights are reserved. Google is a registered trademark of Google, Inc. and CodePro AnalytiX

More information

How to test and debug an ASP.NET application

How to test and debug an ASP.NET application Chapter 4 How to test and debug an ASP.NET application 113 4 How to test and debug an ASP.NET application If you ve done much programming, you know that testing and debugging are often the most difficult

More information

Troubleshooting PHP Issues with Zend Server Code Tracing

Troubleshooting PHP Issues with Zend Server Code Tracing White Paper: Troubleshooting PHP Issues with Zend Server Code Tracing Technical January 2010 Table of Contents Introduction... 3 What is Code Tracing?... 3 Supported Workflows... 4 Manual Workflow... 4

More information

Seven Practical Steps to Delivering More Secure Software. January 2011

Seven Practical Steps to Delivering More Secure Software. January 2011 Seven Practical Steps to Delivering More Secure Software January 2011 Table of Contents Actions You Can Take Today 3 Delivering More Secure Code: The Seven Steps 4 Step 1: Quick Evaluation and Plan 5 Step

More information

Attix5 Pro Server Edition

Attix5 Pro Server Edition Attix5 Pro Server Edition V7.0.2 User Manual for Mac OS X Your guide to protecting data with Attix5 Pro Server Edition. Copyright notice and proprietary information All rights reserved. Attix5, 2013 Trademarks

More information

Tool-Assisted Unit-Test Generation and Selection Based on Operational Abstractions

Tool-Assisted Unit-Test Generation and Selection Based on Operational Abstractions Tool-Assisted Unit-Test Generation and Selection Based on Operational Abstractions Tao Xie 1 and David Notkin 2 (xie@csc.ncsu.edu,notkin@cs.washington.edu) 1 Department of Computer Science, North Carolina

More information

Software Development Management. By Adam Kolawa, Parasoft co-founder and CEO

Software Development Management. By Adam Kolawa, Parasoft co-founder and CEO Software Development Management By Adam Kolawa, Parasoft co-founder and CEO Parasoft has been developing software for more than 20 years. During this time, we have come to understand that there is no silver

More information

Test What You ve Built

Test What You ve Built Test What You ve Built About Your Presenter IBM i Professional for 16 Years. Primary Focus is IBM i Engineering / Programming Well Versed in 2E. Well Versed in RPG (All Flavors) Well Versed in CM Products

More information

IBM Rational AppScan: Application security and risk management

IBM Rational AppScan: Application security and risk management IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM

More information

Coverity White Paper. Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing

Coverity White Paper. Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing The Stakes Are Rising Security breaches in software and mobile devices are making headline news and costing companies

More information

Using TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development

Using TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development Using TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development The FDA requires medical software development teams to comply with its standards for software

More information

I. INTRODUCTION. International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 2, Mar-Apr 2015

I. INTRODUCTION. International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 2, Mar-Apr 2015 RESEARCH ARTICLE An Exception Monitoring Using Java Jyoti Kumari, Sanjula Singh, Ankur Saxena Amity University Sector 125 Noida Uttar Pradesh India OPEN ACCESS ABSTRACT Many programmers do not check for

More information

INTEGRATING MICROSOFT DYNAMICS CRM WITH SIMEGO DS3

INTEGRATING MICROSOFT DYNAMICS CRM WITH SIMEGO DS3 INTEGRATING MICROSOFT DYNAMICS CRM WITH SIMEGO DS3 Often the most compelling way to introduce yourself to a software product is to try deliver value as soon as possible. Simego DS3 is designed to get you

More information

25 Tips for Creating Effective Load Test Scripts using Oracle Load Testing for E-Business Suite and Fusion Applications.

25 Tips for Creating Effective Load Test Scripts using Oracle Load Testing for E-Business Suite and Fusion Applications. 25 Tips for Creating Effective Load Test Scripts using Oracle Load Testing for E-Business Suite and Fusion Applications. O R A C L E W H I T E P A P E R S E P T E M B E R 2 0 1 4 Table of Contents Product

More information

Kaldeera Workflow Designer 2010 User's Guide

Kaldeera Workflow Designer 2010 User's Guide Kaldeera Workflow Designer 2010 User's Guide Version 1.0 Generated May 18, 2011 Index 1 Chapter 1: Using Kaldeera Workflow Designer 2010... 3 1.1 Getting Started with Kaldeera... 3 1.2 Importing and exporting

More information

Experimental Comparison of Concolic and Random Testing for Java Card Applets

Experimental Comparison of Concolic and Random Testing for Java Card Applets Experimental Comparison of Concolic and Random Testing for Java Card Applets Kari Kähkönen, Roland Kindermann, Keijo Heljanko, and Ilkka Niemelä Aalto University, Department of Information and Computer

More information

Chapter 17 Software Testing Strategies Slide Set to accompany Software Engineering: A Practitioner s Approach, 7/e by Roger S. Pressman Slides copyright 1996, 2001, 2005, 2009 by Roger S. Pressman For

More information

Adobe Acrobat 9 Digital Signatures, Changes and Improvements

Adobe Acrobat 9 Digital Signatures, Changes and Improvements Technical White Paper Updated for Adobe Acrobat and Adobe Reader 9.1 CONTENTS Introduction 1 Indication of overall validity state 3 Revision tracking in Signature panel 7 Change in status of forms that

More information

Assurance in Service-Oriented Environments

Assurance in Service-Oriented Environments Assurance in Service-Oriented Environments Soumya Simanta Research, Technology, and System Solutions (RTSS) Program Software Engineering Institute Carnegie Mellon University Pittsburgh 15232 28 th October,

More information

CS 111 Classes I 1. Software Organization View to this point:

CS 111 Classes I 1. Software Organization View to this point: CS 111 Classes I 1 Software Organization View to this point: Data Objects and primitive types Primitive types operators (+, /,,*, %). int, float, double, char, boolean Memory location holds the data Objects

More information

Outline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References

Outline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References Outline Computer Science 331 Introduction to Testing of Programs Mike Jacobson Department of Computer Science University of Calgary Lecture #3-4 1 Denitions 2 3 4 Implementation and Evaluation 5 Debugging

More information

IBM Rational Rapid Developer Components & Web Services

IBM Rational Rapid Developer Components & Web Services A Technical How-to Guide for Creating Components and Web Services in Rational Rapid Developer June, 2003 Rev. 1.00 IBM Rational Rapid Developer Glenn A. Webster Staff Technical Writer Executive Summary

More information

Automating Security Testing. Mark Fallon Senior Release Manager Oracle

Automating Security Testing. Mark Fallon Senior Release Manager Oracle Automating Security Testing Mark Fallon Senior Release Manager Oracle Some Ground Rules There are no silver bullets You can not test security into a product Testing however, can help discover a large percentage

More information

Development Testing for Agile Environments

Development Testing for Agile Environments Development Testing for Agile Environments November 2011 The Pressure Is On More than ever before, companies are being asked to do things faster. They need to get products to market faster to remain competitive

More information

Chapter 8 Software Testing

Chapter 8 Software Testing Chapter 8 Software Testing Summary 1 Topics covered Development testing Test-driven development Release testing User testing 2 Program testing Testing is intended to show that a program does what it is

More information

HP Quality Center. Upgrade Preparation Guide

HP Quality Center. Upgrade Preparation Guide HP Quality Center Upgrade Preparation Guide Document Release Date: November 2008 Software Release Date: November 2008 Legal Notices Warranty The only warranties for HP products and services are set forth

More information

Also on the Performance tab, you will find a button labeled Resource Monitor. You can invoke Resource Monitor for additional analysis of the system.

Also on the Performance tab, you will find a button labeled Resource Monitor. You can invoke Resource Monitor for additional analysis of the system. 1348 CHAPTER 33 Logging and Debugging Monitoring Performance The Performance tab enables you to view the CPU and physical memory usage in graphical form. This information is especially useful when you

More information

Record-Level Access: Under the Hood

Record-Level Access: Under the Hood Record-Level Access: Under the Hood Salesforce, Summer 15 @salesforcedocs Last updated: May 20, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Attix5 Pro Server Edition

Attix5 Pro Server Edition Attix5 Pro Server Edition V7.0.3 User Manual for Linux and Unix operating systems Your guide to protecting data with Attix5 Pro Server Edition. Copyright notice and proprietary information All rights reserved.

More information

Eliminate Memory Errors and Improve Program Stability

Eliminate Memory Errors and Improve Program Stability Eliminate Memory Errors and Improve Program Stability with Intel Parallel Studio XE Can running one simple tool make a difference? Yes, in many cases. You can find errors that cause complex, intermittent

More information

Extending Legacy Applications to Consume Web Services. OpenSpan White Paper Series: Extending Legacy Applications to Consume Web Services

Extending Legacy Applications to Consume Web Services. OpenSpan White Paper Series: Extending Legacy Applications to Consume Web Services OpenSpan White Paper Series: Extending Legacy Applications to Consume Web Services Extending Legacy Applications to Consume Web Services Achieving SOA Now p.2 OpenSpan White Paper Series: Extending Legacy

More information

FioranoMQ 9. High Availability Guide

FioranoMQ 9. High Availability Guide FioranoMQ 9 High Availability Guide Copyright (c) 1999-2008, Fiorano Software Technologies Pvt. Ltd., Copyright (c) 2008-2009, Fiorano Software Pty. Ltd. All rights reserved. This software is the confidential

More information

Using WebLOAD to Monitor Your Production Environment

Using WebLOAD to Monitor Your Production Environment Using WebLOAD to Monitor Your Production Environment Your pre launch performance test scripts can be reused for post launch monitoring to verify application performance. This reuse can save time, money

More information

Getting Started using the SQuirreL SQL Client

Getting Started using the SQuirreL SQL Client Getting Started using the SQuirreL SQL Client The SQuirreL SQL Client is a graphical program written in the Java programming language that will allow you to view the structure of a JDBC-compliant database,

More information

Multi-user Collaboration with Revit Worksets

Multi-user Collaboration with Revit Worksets Autodesk Revit White Paper Multi-user Collaboration with Revit Worksets Starting Your First Multi-user Project On many building projects, designers work in teams with each assigned a specific functional

More information

Microsoft TMG Replacement with NetScaler

Microsoft TMG Replacement with NetScaler Microsoft TMG Replacement with NetScaler Replacing Microsoft Forefront TMG with NetScaler for Optimization This deployment guide focuses on replacing Microsoft Forefront Threat Management Gateway (TMG)

More information

Baseline Code Analysis Using McCabe IQ

Baseline Code Analysis Using McCabe IQ White Paper Table of Contents What is Baseline Code Analysis?.....2 Importance of Baseline Code Analysis...2 The Objectives of Baseline Code Analysis...4 Best Practices for Baseline Code Analysis...4 Challenges

More information

Model Simulation in Rational Software Architect: Business Process Simulation

Model Simulation in Rational Software Architect: Business Process Simulation Model Simulation in Rational Software Architect: Business Process Simulation Mattias Mohlin Senior Software Architect IBM The BPMN (Business Process Model and Notation) is the industry standard notation

More information

Issue in Focus: Integrating Cloud PLM. Considerations for Systems Integration in the Cloud

Issue in Focus: Integrating Cloud PLM. Considerations for Systems Integration in the Cloud Issue in Focus: Integrating Cloud PLM Considerations for Systems Integration in the Cloud 1 Tech-Clarity, Inc. 2012 Table of Contents Introducing the Issue... 3 Start with the Business in Mind... 4 Choose

More information

Detecting Critical Defects on the Developer s Desktop

Detecting Critical Defects on the Developer s Desktop Detecting Critical Defects on the Developer s Desktop Seth Hallem CEO Coverity, Inc. Copyright Coverity, Inc. 2006. All Rights Reserved. This publication, in whole or in part, may not be reproduced, stored

More information

Software testing. Objectives

Software testing. Objectives Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Improving Software Quality to Drive Business Agility Sponsored by: Coverity Inc. Melinda-Carol Ballou June 2008 IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200

More information

Content Management Implementation Guide 5.3 SP1

Content Management Implementation Guide 5.3 SP1 SDL Tridion R5 Content Management Implementation Guide 5.3 SP1 Read this document to implement and learn about the following Content Manager features: Publications Blueprint Publication structure Users

More information

Using the TASKING Software Platform for AURIX

Using the TASKING Software Platform for AURIX Using the TASKING Software Platform for AURIX MA160-869 (v1.0rb3) June 19, 2015 Copyright 2015 Altium BV. All rights reserved. You are permitted to print this document provided that (1) the use of such

More information

The Practical Organization of Automated Software Testing

The Practical Organization of Automated Software Testing The Practical Organization of Automated Software Testing Author: Herbert M. Isenberg Ph.D. Quality Assurance Architect Oacis Healthcare Systems PO Box 3178 Sausalito, CA. 94966 Type: Experience Report

More information

INTELLIGENT DEFECT ANALYSIS SOFTWARE

INTELLIGENT DEFECT ANALYSIS SOFTWARE INTELLIGENT DEFECT ANALYSIS SOFTWARE Website: http://www.siglaz.com Semiconductor fabs currently use defect count or defect density as a triggering mechanism for their Statistical Process Control. However,

More information

User Guide Package Exception Management

User Guide Package Exception Management User Guide Package Exception Management 70-3262-4.6 PRECISION Applications 2012 September 2012 2012 Precision Software, a division of QAD Inc. Precision Software products are copyrighted and all rights

More information

Silect Software s MP Author

Silect Software s MP Author Silect MP Author for Microsoft System Center Operations Manager Silect Software s MP Author User Guide September 2, 2015 Disclaimer The information in this document is furnished for informational use only,

More information

Software Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland

Software Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland Software Testing & Analysis (F22ST3) Static Analysis Techniques Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh Software Testing & Analysis (F22ST3): Static

More information

How to Develop Accessible Linux Applications

How to Develop Accessible Linux Applications Sharon Snider Copyright 2002 by IBM Corporation v1.1, 2002 05 03 Revision History Revision v1.1 2002 05 03 Revised by: sds Converted to DocBook XML and updated broken links. Revision v1.0 2002 01 28 Revised

More information

Debugging Java Applications

Debugging Java Applications Debugging Java Applications Table of Contents Starting a Debugging Session...2 Debugger Windows...4 Attaching the Debugger to a Running Application...5 Starting the Debugger Outside of the Project's Main

More information

Personalize the Forms - How to Oracle Applications Release 11.5.10

Personalize the Forms - How to Oracle Applications Release 11.5.10 Personalize the Forms - How to Oracle Applications Release 11.5.10 A Technical White paper June 2005 Ramakrishna Goud ramakrishna.goud@ge.com Executive Overview With the Oracle E-Business Suite release

More information

TESTING FRAMEWORKS. Gayatri Ghanakota

TESTING FRAMEWORKS. Gayatri Ghanakota TESTING FRAMEWORKS Gayatri Ghanakota OUTLINE Introduction to Software Test Automation. What is Test Automation. Where does Test Automation fit in the software life cycle. Why do we need test automation.

More information

Using Karel with Eclipse

Using Karel with Eclipse Mehran Sahami Handout #6 CS 106A September 23, 2015 Using Karel with Eclipse Based on a handout by Eric Roberts Once you have downloaded a copy of Eclipse as described in Handout #5, your next task is

More information

vcenter Orchestrator Developer's Guide

vcenter Orchestrator Developer's Guide vcenter Orchestrator 4.0 EN-000129-02 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product

More information

Proof of Concept. A New Data Validation Technique for Microsoft ASP.NET Web Applications. Foundstone Professional Services

Proof of Concept. A New Data Validation Technique for Microsoft ASP.NET Web Applications. Foundstone Professional Services Proof of Concept A New Data Validation Technique for Microsoft ASP.NET Web Applications Foundstone Professional Services February 2005 Introduction Despite significant awareness of security issues like

More information

PTC Integrity Eclipse and IBM Rational Development Platform Guide

PTC Integrity Eclipse and IBM Rational Development Platform Guide PTC Integrity Eclipse and IBM Rational Development Platform Guide The PTC Integrity integration with Eclipse Platform and the IBM Rational Software Development Platform series allows you to access Integrity

More information

Aras Corporation. 2005 Aras Corporation. All rights reserved. Notice of Rights. Notice of Liability

Aras Corporation. 2005 Aras Corporation. All rights reserved. Notice of Rights. Notice of Liability Aras Corporation 2005 Aras Corporation. All rights reserved Notice of Rights All rights reserved. Aras Corporation (Aras) owns this document. No part of this document may be reproduced or transmitted in

More information

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution

More information

Effective Management of Static Analysis Vulnerabilities and Defects

Effective Management of Static Analysis Vulnerabilities and Defects Effective Management of Static Analysis Vulnerabilities and Defects Best Practices for Both Agile and Waterfall Development Environments Matthew Hayward, Director of Professional Services, Coverity Introduction

More information

SOFTWARE TESTING TRAINING COURSES CONTENTS

SOFTWARE TESTING TRAINING COURSES CONTENTS SOFTWARE TESTING TRAINING COURSES CONTENTS 1 Unit I Description Objectves Duration Contents Software Testing Fundamentals and Best Practices This training course will give basic understanding on software

More information

Licensed for viewing only. Printing is prohibited. For hard copies, please purchase from www.agileskills.org

Licensed for viewing only. Printing is prohibited. For hard copies, please purchase from www.agileskills.org Unit Test 301 CHAPTER 12Unit Test Unit test Suppose that you are writing a CourseCatalog class to record the information of some courses: class CourseCatalog { CourseCatalog() { void add(course course)

More information

Microsoft Access is an outstanding environment for both database users and professional. Introduction to Microsoft Access and Programming SESSION

Microsoft Access is an outstanding environment for both database users and professional. Introduction to Microsoft Access and Programming SESSION 539752 ch01.qxd 9/9/03 11:38 PM Page 5 SESSION 1 Introduction to Microsoft Access and Programming Session Checklist Understanding what programming is Using the Visual Basic language Programming for the

More information

Load testing with WAPT: Quick Start Guide

Load testing with WAPT: Quick Start Guide Load testing with WAPT: Quick Start Guide This document describes step by step how to create a simple typical test for a web application, execute it and interpret the results. A brief insight is provided

More information

Parasoft and Skytap Deliver 24/7 Access to Complete Test Environments

Parasoft and Skytap Deliver 24/7 Access to Complete Test Environments Parasoft and Skytap Deliver 24/7 Access to Complete Test Environments The ability to accurately assess the risk of a release candidate for today's composite applications is becoming a tall order. You have

More information