Secure Programming with Static Analysis with CDROM (Addison-Wesley Software Security Series)

by Brian Chess and Jacob West


Synopses & Reviews

Publisher Comments:

The First Expert Guide to Static Analysis for Software Security!

 

Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

 

Coverage includes:

 

Book News Annotation:

When programmers, or more properly their code, face the big ugly world out there, both must be prepared to deflect digital bullets. Consultants and practitioners Chess and West support using the technique of static analysis, which will uncover errors of omission and commission that could let a monster into the works. Focusing on the 70 or so most common security defects, they delineate the real software security problems out there and introduce static analysis, including its use as part of the code review process. They describe static analysis internals and then turn to pervasive problems, such as input, buffer overflow, and errors and exceptions, and examine features, including web applications, XML and web services, business and personal privacy and secrets, and privileged programs. They also supply nearly 20 extended exercises for C and Java with answers. Annotation ©2007 Book News, Inc., Portland, OR (booknews.com)

About the Author

Brian Chess is a founder of Fortify Software. He currently serves as Fortify’s Chief Scientist, where his work focuses on practical methods for creating secure systems. Brian holds a Ph.D. in Computer Engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service. He lives in Mountain View, California.

 

Jacob West manages Fortify Software’s Security Research Group, which is responsible for building security knowledge into Fortify’s products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob worked with Professor David Wagner at the University of California at Berkeley to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.

 

Table of Contents

Part I: Software Security and Static Analysis

1. The Software Security Problem
2. Introduction to Static Analysis
3. Static Analysis as Part of the Code Review Process
4. Static Analysis Internals

Part II: Pervasive Problems

5. Handling Input
6. Buffer Overflow
7. Bride of Buffer Overflow
8. Errors and Exceptions

Part III: Features and Flavors

9. Web Applications
10. XML and Web Services
11. Privacy and Secrets
12. Privileged Programs

Part IV: Static Analysis in Practice

13. Source Code Analysis Exercises for Java
14. Source Code Analysis Exercises for C

Epilogue

References

Index

 

Product Details

ISBN: 9780321424778
Author: Brian Chess and Jacob West
Publisher: Addison-Wesley Professional
Foreword by: McGraw, Gary
Author: West, Jacob
Author: Chess, Brian
Subject: Quality Control
Subject: Programming - Software Development
Subject: Computer software
Subject: Security - General
Subject: Security
Subject: Software Development & Engineering - General
Subject: Computer security
Subject: Computer software -- Quality control.
Subject: Networking-Computer Security
Copyright:
Edition Description: Trade paper
Series: Addison-Wesley Software Security Series
Publication Date: July 2007
Binding: TRADE PAPER
Grade Level: Professional and scholarly
Language: English
Illustrations: Y
Pages: 624
Dimensions: 9 x 6.7 x 1.4 in 998 gr
