Detecting Critical Defects on the Developer s Desktop
|
|
- Robyn James
- 8 years ago
- Views:
Transcription
1 Detecting Critical Defects on the Developer s Desktop Seth Hallem CEO Coverity, Inc. Copyright Coverity, Inc All Rights Reserved. This publication, in whole or in part, may not be reproduced, stored in a computerized, or other retrieval system or transmitted in any form, or by any means whatsoever without the prior written permission of Coverity, Inc.
2 Significant Challenge: High Quality Software Code is increasingly complex The cost of Failure is high Software bugs are costly Code is increasing in size and complexity A single defect or security vulnerability can have an enormous impact on the customer Bugs delay development efforts and impact new feature development MLOC Exponential LOC growth in typical GM car Source: Tony Scott CIO, GM Application-level security attacks on the rise # applicationlevel attacks Source: Gartner 80% increase Developers spend significant time testing & fixing bugs Product time on projects 24% Time on canceled projects 15% Source: Caper Jones Testing, Repairs 61% 2
3 Software Complexity is Rising By 2010, cars will have 100 million lines of code Exponential LOC growth in typical GM car MLOC Source: Tony Scott CIO, GM 3
4 Rising Cost The cost of inadequate software testing is rising In the United States: The annual cost to software developers is over 22 billion dollars The annual cost to end-users is over 35 billion dollars Annual Software Testing Cost to US Economy (Millions of Dollars) 45,000 40,000 35,000 30,000 25,000 20,000 15,000 10,000 5,000 0 Development Cost End-user Cost NIST Planning Report May,
5 The Promise of Static Analysis Tools Software Development Process Design Code Integrate QA Release Static Analysis BENEFITS Bugs Detects problems early in SDLC Security Vulnerabilities No test cases required Points to specific LOC Systematic 5
6 Traditional Challenges in Static Analysis Software Development Process Design Code Integration QA Release Static Analysis TRADITIONAL FAILURES Warnings False Positives High Cost Of Ownership Poor Results Hard to integrate Significant configuration & tuning Does not scale Partial code path coverage Shallow analysis Uninteresting results Rife with False Positives 6
7 Coverity: Breakthrough Technology Breakthrough Research At Stanford University Computer Systems Lab Analysis Depth Analysis Accuracy Scalability 100% of all code paths Interprocedural analysis 20% false positive rate Millions of lines of code 7
8 Coverity: Core Technologies Build C/C++ Source Code Byte Code Java Source Code C/C++ Virtual Build Java Parser Quality Prevent Checkers Security Interprocedural Dataflow Analysis Statistical Analysis Concurrency Analysis Platform False path pruning 100% of all paths Incremental analysis Extend Custom Checks Defect Manager Developer Dashboard Management Reporting Open Standard Interfaces Uses innovative source code analysis algorithms originating from compiler research Performs a whole program analysis Integrates easily into the software development process Integrated database application enables complete workflow and reporting 8
9 Coverity: Core Features What defects can it find? Security Vulnerabilities System and Process Crashes Infinite Loops Performance Degradations Denial of Service Privilege Escalation How does it work? Do not run the code Zero test cases Runs at compile time Data, Memory and File Corruption Unpredictable Behavior Concurrency issues 9
10 Coverity: Market Leader Accuracy Finds the most valuable flaws in your software Integration Minimal impact on the development process False Positives Likelihood of use Avoids reporting costly noise Built for developers to use and appreciate 10
11 Sample of Coverity Customers 11
12 Coverity History 158 Customers Number Employees Stanford Checker Finds bugs In Linux 1.0 release C analysis C++ analysis released DHS Vulnerability Initiative Contract Awarded Java analysis introduced 12
13 Customer Success: Wall Street Journal Many companies, including RIM, are teaching programmers to write safer code and test their security as software is built, not afterward. 13
14 Coverity Success: Wall Street Journal Many companies, including RIM, are teaching programmers to write safer code Now, Mr. Little uses Coverity every and test their security as software is built, not night afterward. to scan the WSJ code 05/04/06 turned in by engineers. The tool sends Mr. Little an listing red flags. WSJ 05/04/06 14
15 Coverity Success: Quality improvement is top priority designated by executive management Complex requirements for development tools: Had to fit into the existing infrastructure Had to fit into the Capability Maturity Model (CMM) According to WindRiver s s Director of Engineering: We compared and evaluated a number of programming and error detection tools and Coverity was superior. 15
16 Coverity Success: Ease of integration was critical integration with Coverity Prevent is seamless and the usage is straightforward. We went from trial to purchase in 3 weeks. Coverity s impact: Immediate We found several important defects. It does validate the purchase of the tool. Ongoing Development productivity up 30% Time to market cut by 20% 16
Development Testing for Agile Environments
Development Testing for Agile Environments November 2011 The Pressure Is On More than ever before, companies are being asked to do things faster. They need to get products to market faster to remain competitive
More informationLinux Kernel. Security Report
Linux Kernel Security Report September 25 Authors: Andy Chou, Bryan Fulton and Seth Hallem Coverity has combined two years of analysis work carried out in a commercial setting at Coverity with four years
More informationIntegrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper
Integrating Application Security into the Mobile Software Development Lifecycle WhiteHat Security Paper Keeping pace with the growth of mobile According to the November 2015 edition of the Ericsson Mobility
More informationControlling Software Complexity. The Business Case for Static Source Code Analysis
Controlling Software Complexity The Business Case for Static Source Code Analysis Table of Contents 1. Introduction 2. Defects and Software Quality 3. The Business Challenge of Software 4. The Impact of
More informationHow To Improve Your Software
Driving Quality, Security and Compliance in Third- Party Code Dave Gruber Director of Product Marketing, Black Duck Keri Sprinkle Sr Product Marketing Manager, Coverity Jon Jarboe Sr Technical Marketing
More informationHow Virtual Compilation Transforms Code Analysis
How Virtual Compilation Transforms Code Analysis 2009 Checkmarx. All intellectual property rights in this publication are owned by Checkmarx Ltd. and are protected by United States copyright laws, other
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationEffective Management of Static Analysis Vulnerabilities and Defects
Effective Management of Static Analysis Vulnerabilities and Defects Best Practices for Both Agile and Waterfall Development Environments Matthew Hayward, Director of Professional Services, Coverity Introduction
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationDevelopers and the Software Supply Chain. Andy Chou, PhD Chief Technology Officer Coverity, Inc.
Developers and the Software Supply Chain Andy Chou, PhD Chief Technology Officer Coverity, Inc. About Andy CTO at Coverity since 2010 Co-founder at Coverity, 2003 From five guys in a garage to 280 employees
More informationApplication Code Development Standards
Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards
More informationBenefits of Test Automation for Agile Testing
Benefits of Test Automation for Agile Testing Manu GV 1, Namratha M 2, Pradeep 3 1 Technical Lead-Testing Calsoft Labs, Bangalore, India 2 Assistant Professor, BMSCE, Bangalore, India 3 Software Engineer,
More informationControlling Software Complexity
Controlling Software Complexity The Business Case for Static Source Code Analysis Ben Chelf, Coverity CTO Andy Chou, Coverity Chief Scientist Introduction Software developers today face significant opportunities
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
WHITE PAPER Improving Software Quality to Drive Business Agility Sponsored by: Coverity Inc. Melinda-Carol Ballou June 2008 IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200
More informationThe Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach
The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25
More informationWhite Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security
White Paper Automating Your Code Review: Moving to a SaaS Model for Application Security Contents Overview... 3 Executive Summary... 3 Code Review and Security Analysis Methods... 5 Source Code Review
More informationCoverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects
Effective Management of Static Analysis Vulnerabilities and Defects Introduction According to a recent industry study, companies are increasingly expanding their development testing efforts to lower their
More informationMinimizing code defects to improve software quality and lower development costs.
Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari
More informationCOVERITY SCAN: 2013 OPEN SOURCE REPORT. Coverity Scan: 2013 Open Source Report
Coverity Scan: 2013 Open Source Report Coverity Scan: A Brief Introduction 2 Open Source is Eating the World 3 The State of Open Source Software Quality: C/C++ 6 Linux: Through the Years 12 Key Differences:
More informationOperationalizing Application Security & Compliance
IBM Software Group Operationalizing Application Security & Compliance 2007 IBM Corporation What is the cost of a defect? 80% of development costs are spent identifying and correcting defects! During the
More informationCoverity Services. World-class professional services, technical support and training from the Coverity development testing experts
Coverity Services World-class professional services, technical support and training from the Coverity development testing experts Coverity has helped over 1,100 customers around the globe assure the quality,
More informationIBM Rational AppScan: Application security and risk management
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
More informationHow to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP
How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP Italy Day 2, 2008 March 31 th, 2008 Marco.Morana@OWASP.ORG OWASP Copyright 2008
More informationTest Management Tools
Test White Management Paper Tools Test Management Tools Table of Contents Executive Summary 3 Why Test Management Tools are required 4 What is QMetry? 5 QMetry Features 6 The Tools of QMetry 7 Conclusion
More informationSoftware Assurance Marketplace Use Case
Software Assurance Marketplace Use Case Overview Software Assurance Tool Developer May 2013 - Revision 1.0 The Software Assurance Marketplace (SWAMP) will support five user communities as shown in the
More informationIntegrated Error-Detection Techniques: Find More Bugs in Java Applications
Integrated Error-Detection Techniques: Find More Bugs in Java Applications Software verification techniques such as pattern-based static code analysis, runtime error detection, unit testing, and flow analysis
More information"Cloud Computing: Powering the Future of Testing"
W5 Class 10/5/2011 11:30 AM "Cloud Computing: Powering the Future of Testing" Presented by: Sundar Raghavan Skytap Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073 888 268 8770 904
More informationHP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA lvonstockhausen@hp.com +49 1520 1898430 Enterprise Security
HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA lvonstockhausen@hp.com +49 1520 1898430 Enterprise Security The problem Cyber attackers are targeting applications
More informationThreat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
More informationLaunching great enterprise mobile apps that beat the compe::on. Gabriel Leiferman Sales Manager Spain
Launching great enterprise mobile apps that beat the compe::on Gabriel Leiferman Sales Manager Spain USERS ARE MORE VOCAL THAN EVER 2 USER PERCEPTION IS REALITY Source: Compuware Mobile App Usage survey
More informationhttps://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification, Inc. (RV): startup company aimed at bringing the best
More informationAccelerate Application Development through DevOps Automation
www.wipro.com Accelerate Application Development through DevOps Automation Giridhara Madakashira, Solutions Head Solutions Strategy Architecture Group (SSAG) Sriraman K R, Product Architect Solutions Strategy
More informationHow to Avoid an Attack - Security Testing as Part of Your Software Testing Process
How to Avoid an Attack - Security Testing as Part of Your Software Testing Process Recent events in the field of information security, which have been publicized extensively in the media - such as the
More informationTOOL EVALUATION REPORT: FORTIFY
TOOL EVALUATION REPORT: FORTIFY Derek D Souza, Yoon Phil Kim, Tim Kral, Tejas Ranade, Somesh Sasalatti ABOUT THE TOOL Background The tool that we have evaluated is the Fortify Source Code Analyzer (Fortify
More informationSource Code Review Using Static Analysis Tools
Source Code Review Using Static Analysis Tools July-August 05 Author: Stavros Moiras Supervisor(s): Stefan Lüders Aimilios Tsouvelekakis CERN openlab Summer Student Report 05 Abstract Many teams at CERN,
More informationUnderstanding How to Choose a Database Platform for Siemens PLM Software s Teamcenter
Understanding How to Choose a Database Platform for Siemens PLM Software s Teamcenter White Paper Published: April 2009 For the latest information, see http://www.microsoft.com/sqlserver/2008. Copyright
More informationEnsuring Code Quality in Multi-threaded Applications
Ensuring Code Quality in Multi-threaded Applications How to Eliminate Concurrency Defects with Static Analysis Ben Chelf, CTO Introduction Most developers would agree that consumers of software today continually
More informationApplication Security Center overview
Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project &
More informationHow to Build a Trusted Application. John Dickson, CISSP
How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.
More informationDatabase Development Best Practices. Database Development Best Practices. Copyright 2006 Quest Software
Database Development Best Practices Database Development Best Practices Copyright 2006 Quest Software The Impact of Poor Quality and Performing Code End Users Write and compile Test and Debug SQL Optimization
More informationSTATIC CODE ANALYSIS Alexandru G. Bardas 1
Abstract STATIC CODE ANALYSIS Alexandru G. Bardas 1 A lot of the defects that are present in a program are not visible to the compiler. Static code analysis is a way to find bugs and reduce the defects
More informationDOT.Comm Oversight Committee Policy
DOT.Comm Oversight Committee Policy Enterprise Computing Software Policy Service Owner: DOTComm Operations Effective Date: TBD Review Schedule: Annual Last Review Date: Last Revision Date: Approved by:
More informationMobile Application Testing
Mobile Application Testing Whitepaper Author: Scott Aziz Date: June 1, 2012 This whitepaper outlines the critical areas of testing needed to certify mobile enterprise applications Best practices from UST
More informationGood Software. Lecture 6 GSL Peru 2014
Good Software Lecture 6 GSL Peru 2014 What is Good Software? Low cost Good performance Bug-free, efficient, meets its purpose Easy to code Easy to understand, modular Easy to use Clients are satisfied
More informationUsing Static Code Analysis Tools for Detection of Security Vulnerabilities
Using Static Code Analysis Tools for Detection of Security Vulnerabilities Katerina Goseva-Popstajanova & Andrei Perhinschi Lane Deptartment of Computer Science and Electrical Engineering West Virginia
More informationControlling Risk Through Software Code Governance
Controlling Risk Through Software Code Governance July 2011 Catastrophic Consequences Today s headlines are filled with stories about catastrophic software failures and security breaches; medical devices
More informationStatic Analysis for Software Verification. Leon Moonen
Static Analysis for Software Verification Leon Moonen Today s topics Software inspection it s relation to testing benefits and drawbacks Static (program) analysis potential benefits limitations and their
More informationAccelerating Software Security With HP. Rob Roy Federal CTO HP Software
Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National
More informationA framework for creating custom rules for static analysis tools
A framework for creating custom rules for static analysis tools Eric Dalci John Steven Cigital Inc. 21351 Ridgetop Circle, Suite 400 Dulles VA 20166 (703) 404-9293 edalci,jsteven@cigital.com Abstract Code
More informationC++ (Senior) Developer for SAP HANA database kernel team
C++ (Senior) Developer for SAP HANA database kernel team Hiring Manager: Lee, Chul Won Requisition ID: 109708 Work Area: Software-Development Operations Expected Travel: 0-10% Career Status: Professional
More informationTesting Best Practices
ALMComplete, QAComplete, DevComplete This document is used as a guide to improving your testing and quality assurance processes. 1 Test Case Creation Once requirements have been created and approved, while
More informationApplication Performance Testing Basics
Application Performance Testing Basics ABSTRACT Todays the web is playing a critical role in all the business domains such as entertainment, finance, healthcare etc. It is much important to ensure hassle-free
More informationVulnerability Management in an Application Security World. AppSec DC November 12 th, 2009. The OWASP Foundation http://www.owasp.
Vulnerability Management in an Application Security World AppSec DC November 12 th, 2009 Dan Cornell Global Membership Committee Denim Group dan@denimgroup.com (210) 572-4400 Twitter: @danielcornell The
More informationX05. An Overview of Source Code Scanning Tools. Loulwa Salem. Las Vegas, NV. IBM Corporation 2006. IBM System p, AIX 5L & Linux Technical University
X05 An Overview of Source Code Scanning Tools Loulwa Salem Las Vegas, NV Objectives This session will introduce better coding practices and tools available to aid developers in producing more secure code.
More informationWeb application security: automated scanning versus manual penetration testing.
Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Security Products Must Be Secure by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI April 2007 Software Vulnerabilities in the
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More information! Resident of Kauai, Hawaii
SECURE SDLC Jim Manico @manicode! OWASP Volunteer! Global OWASP Board Member! Manager of several OWASP secure coding projects! Security Instructor, Author! 17 years of web-based, databasedriven software
More informationImproving RoI by Using an SDL
Improving RoI by Using an SDL This paper discusses how you can improve return on investment (RoI) by implementing a secure development lifecycle (SDL). It starts with a brief introduction to SDLs then
More informationPercerons: A web-service suite that enhance software development process
Percerons: A web-service suite that enhance software development process Percerons is a list of web services, see http://www.percerons.com, that helps software developers to adopt established software
More informationHigh-Performance Batch Processing Framework
High-Performance Batch Processing Framework It is hard to find a mid to large sized business today that does not have at least a batch job or process that runs independent of the web application running
More informationCoverity White Paper. Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing
Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing The Stakes Are Rising Security breaches in software and mobile devices are making headline news and costing companies
More informationLearning objectives for today s session
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify
More informationCommon Errors in C/C++ Code and Static Analysis
Common Errors in C/C++ Code and Static Analysis Red Hat Ondřej Vašík and Kamil Dudka 2011-02-17 Abstract Overview of common programming mistakes in the C/C++ code, and comparison of a few available static
More informationTop 10 Mistakes in Data Center Operations: Operating Efficient and Effective Data Centers
Top 10 Mistakes in Data Center Operations: Operating Efficient and Effective Data White Paper 2 Revision 0 by Bob Woolley > Executive summary How can you avoid making major mistakes when operating and
More informationStories From the Front Lines: Deploying an Enterprise Code Scanning Program
Stories From the Front Lines: Deploying an Enterprise Code Scanning Program Adam Bixby Manager Gotham Digital Science 10/28/2010 YOUR LOGO HERE Introduction Adam Bixby, CISSP, MS o Manager at Gotham Digital
More informationTowards practical reactive security audit using extended static checkers 1
Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted
More informationThere are a number of factors that increase the risk of performance problems in complex computer and software systems, such as e-commerce systems.
ASSURING PERFORMANCE IN E-COMMERCE SYSTEMS Dr. John Murphy Abstract Performance Assurance is a methodology that, when applied during the design and development cycle, will greatly increase the chances
More informationStatic Code Analysis Procedures in the Development Cycle
Static Code Analysis Procedures in the Development Cycle Tools, Technology, and Process in Engineering at Microsoft Mooly Beeri Microsoft Haifa R&D Center Agenda Static code analysis tools PREfix and PREfast
More informationBlack Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand different types of application assessments and how they differ Be
More informationPattern Insight Clone Detection
Pattern Insight Clone Detection TM The fastest, most effective way to discover all similar code segments What is Clone Detection? Pattern Insight Clone Detection is a powerful pattern discovery technology
More informationHow To Manage A System Vulnerability Management Program
System Vulnerability Management Definitions White Paper October 12, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that allows
More informationTest-Driven Development and Unit Testing with Parasoft Concerto
Test-Driven Development and Unit Testing with Parasoft Concerto What is Test-Driven Development (TDD)? Test-Driven Development (TDD) was first introduced as a key part of Extreme Programming. In a nutshell,
More informationBEST PRACTICES FOR SECURITY TESTING TOP 10 RECOMMENDED PRACTICES
BEST PRACTICES FOR SECURITY TESTING TOP 10 RECOMMENDED PRACTICES Disclaimer!! Best Practices are Not rules or rigid standards General solutions to common problems Guidelines and common reference that can
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationIBM QRadar as a Service
Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major
More informationCutting Edge Practices for Secure Software Engineering
Cutting Edge Practices for Secure Software Engineering Kanchan Hans Amity Institute of Information Technology Amity University, Noida, 201301, India khans@amity.edu Abstract Security has become a high
More informationIntroduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions
Matias starts Who are we? Applying Static Analysis Matias Madou and Daan Raman, Leuven, Feb 27, 2015 1 At NVISO, I m responsible for the software security practice. Next to the client work, I also leads
More informationHP Application Security Center
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
More informationVulnerability Management in an Application Security World. January 29 th, 2009
Vulnerability Management in an Application Security World OWASP San Antonio January 29 th, 2009 Agenda Background A Little Bit of Theatre You Found Vulnerabilities Now What? Vulnerability Management The
More informationCYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS
CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS These Cybersecurity Testing and Certification Service Terms ( Service Terms ) shall govern the provision of cybersecurity testing and certification services
More informationThe Next Generation of Static Analysis - So What is It?
The Next Generation of Static Analysis Boolean Satisfiability and Path Simulation A Perfect Match Ben Chelf, Coverity CTO Andy Chou, Coverity Chief Scientist Introduction Since its introduction, static
More informationService Delivery Module
Service Delivery Module Software Development Methodology -India follows international industry standards and has adopted the standard methodology in our Software Development Life Cycle (SDLC). It is a
More informationImplementing Database Development Best Practices for Oracle
Implementing Database Development Best Practices for Oracle Written by, John Pocknell Product Manager, Toad for Oracle & Toad Data Modeler Quest Software, Inc. Technical Brief Copyright Quest Software,
More informationComparative Study of Load Testing Tools
Comparative Study of Load Testing Tools Sandeep Bhatti, Raj Kumari Student (ME), Department of Information Technology, University Institute of Engineering & Technology, Punjab University, Chandigarh (U.T.),
More informationCoverity White Paper. Managing Risk: Ensure Software Quality and Security Across the Automotive Supply Chain
Managing Risk: Ensure Software Quality and Security Across the Automotive Supply Chain January 2012 The Automotive industry is undergoing a radical transformation. There s been tremendous industry consolidation
More informationSoftware Engineering Compiled By: Roshani Ghimire Page 1
Unit 7: Metric for Process and Product 7.1 Software Measurement Measurement is the process by which numbers or symbols are assigned to the attributes of entities in the real world in such a way as to define
More informationComprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER
Comprehensive Static Analysis Using Polyspace Products A Solution to Today s Embedded Software Verification Challenges WHITE PAPER Introduction Verification of embedded software is a difficult task, made
More informationHow to achieve PCI DSS Compliance with Checkmarx Source Code Analysis
How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.
More informationWhy should I care about PDF application security?
Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses
More informationInteractive Application Security Testing (IAST)
WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,
More informationAn Oracle White Paper February 2010. Rapid Bottleneck Identification - A Better Way to do Load Testing
An Oracle White Paper February 2010 Rapid Bottleneck Identification - A Better Way to do Load Testing Introduction You re ready to launch a critical Web application. Ensuring good application performance
More informationCrossing the DevOps Chasm
SOLUTION BRIEF Application Delivery Solutions from CA Technologies Crossing the DevOps Chasm Can improved collaboration and automation between Development and IT Operations deliver business value more
More informationHow to Define SIEM Strategy, Management and Success in the Enterprise
How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have
More informationIntegrigy Corporate Overview
mission critical applications mission critical security Application and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview Integrigy Overview Integrigy Corporation
More informationCode Review Best Practices. With Adam Kolawa, Ph.D.
Code Review Best Practices With Adam Kolawa, Ph.D. This paper is part of a series of interviews in which Adam Kolawa Parasoft CEO and Automated Defect Prevention: Best Practices in Software Management
More informationRTI Routing Service. Release Notes
RTI Routing Service Release Notes Version 5.0.0 2012 Real-Time Innovations, Inc. All rights reserved. Printed in U.S.A. First printing. August 2012. Trademarks Real-Time Innovations, RTI, and Connext are
More informationApplication Security: What Does it Take to Build and Test a Trusted App? John Dickson, CISSP Denim Group
Application Security: What Does it Take to Build and Test a Trusted App? John Dickson, CISSP Denim Group Overview What is Application Security? Examples of Potential Vulnerabilities Potential Strategies
More information