Praise for Secure Programming with Static Analysis
“We designed Java so that it could be analyzed statically. This book shows you how to
apply advanced static analysis techniques to create more secure, more reliable software.”
—Bill Joy
Co-founder of Sun Microsystems, co-inventor of the Java programming language
“If you want to learn how promising new code-scanning tools can improve the security
of your software, then this is the book for you. The first of its kind, Secure Programming
with Static Analysis is well written and tells you what you need to know without
getting too bogged down in details. This book sets the standard.”
—David Wagner
Associate Professor, University of California, Berkeley
“Brian and Jacob can write about software security from the ‘been there. done that.’
perspective. Read what they’ve written - it’s chock full of good advice.”
—Marcus Ranum
Inventor of the firewall, Chief Scientist, Tenable Security
“Over the past few years, we’ve seen several books on software security hitting the
bookstores, including my own. While they’ve all provided their own views of good
software security practices, this book fills a void that none of the others have covered.
The authors have done a magnificent job at describing in detail how to do static source
code analysis using all the tools and technologies available today. Kudos for arming the
developer with a clear understanding of the topic as well as a wealth of practical guidance
on how to put that understanding into practice. It should be on the required reading
list for anyone and everyone developing software today.”
—Kenneth R. van Wyk
President and Principal Consultant, KRvW Associates, LLC.
“Software developers are the first and best line of defense for the security of their code. This
book gives them the security development knowledge and the tools they need in order to
eliminate vulnerabilities before they move into the final products that can be exploited.”
—Howard A. Schmidt
Former White House Cyber Security Advisor
“Modern artifacts are built with computer assistance. You would never think to build
bridges, tunnels, or airplanes without the most sophisticated, state of the art tools. And
yet, for some reason, many programmers develop their software without the aid of the
best static analysis tools. This is the primary reason that so many software systems are
replete with bugs that could have been avoided. In this exceptional book, Brian Chess
and Jacob West provide an invaluable resource to programmers. Armed with the
hands-on instruction provided in Secure Programming with Static Analysis, developers
will finally be in a position to fully utilize technological advances to produce better
code. Reading this book is a prerequisite for any serious programming.”
—Avi Rubin, Ph.D.
Professor of Computer Science, Johns Hopkins University
President and co-Founder, Independent Security Evaluators
“Once considered an optional afterthought, application security is now an absolute
requirement. Bad guys will discover how to abuse your software in ways you’ve yet to
imagine—costing your employer money and damaging its reputation. Brian Chess and
Jacob West offer timely and salient guidance to design security and resiliency into your
applications from the very beginning. Buy this book now and read it tonight.”
—Steve Riley
Senior Security Strategist, Trustworthy Computing, Microsoft Corporation
“Full of useful code examples, this book provides the concrete, technical details you
need to start writing secure software today. Security bugs can be difficult to find and
fix, so Chess and West show us how to use static analysis tools to reliably find bugs
and provide code examples demonstrating the best ways to fix them. Secure Programming
with Static Analysis is an excellent book for any software engineer and the ideal
code-oriented companion book for McGraw’s process-oriented Software Security in a
software security course.”
—James Walden
Assistant Professor of Computer Science, Northern Kentucky University
“Brian and Jacob describe the root cause of many of today’s most serious security issues
from a unique perspective: static source code analysis.
Using lots of real-world source code examples combined with easy-to-understand
theoretical analysis and assessment, this book is the best I’ve read that explains code
vulnerabilities in such a simple yet practical way for software developers.”
—Dr. Gang Cheng
“Based on their extensive experience in both the software industry and academic
research, the authors illustrate sound software security practices with solid principles.
This book distinguishes itself from its peers by advocating practical static analysis,
which I believe will have a big impact on improving software security.”
—Dr. Hao Chen
Assistant Professor of Computer Science, UC Davis
Secure Programming with Static Analysis
Addison-Wesley Software Security Series
Gary McGraw, Consulting Editor
Titles in the Series
Secure Programming with Static Analysis, by Brian Chess and Jacob West
ISBN: 0-321-42477-8
Exploiting Software: How to Break Code, by Greg Hoglund and Gary McGraw
ISBN: 0-201-78695-8
Exploiting Online Games: Cheating Massively Distributed Systems,
by Greg Hoglund and Gary McGraw
ISBN: 0-132-27191-5
Rootkits: Subverting the Windows Kernel, by Greg Hoglund and James Butler
ISBN: 0-321-29431-9
Software Security: Building Security In, by Gary McGraw
ISBN: 0-321-35670-5
For more information about these titles, and to read sample chapters, please visit
the series web site at www.awprofessional.com/softwaresecurityseries