
Secure Programming with Static Analysis with CDROM (Addison-Wesley Software Security Series)

by Brian Chess and Jacob West


Synopses & Reviews

Publisher Comments:

The First Expert Guide to Static Analysis for Software Security!


Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.


Coverage includes:


Book News Annotation:

When programmers, or more properly their code, face the big ugly world out there, both must be prepared to deflect digital bullets. Consultants and practitioners Chess and West support using the technique of static analysis, which will uncover errors of omission and commission that could let a monster into the works. Focusing on the 70 or so most common security defects, they delineate the real software security problems out there and introduce static analysis, including its use as part of the code review process. They describe static analysis internals and then turn to pervasive problems, such as input, buffer overflow, errors and exceptions, and examine features, including web applications, XML and web services, business and personal privacy and secrets, and privileged programs. They also supply nearly 20 extended exercises for C and Java with answers. Annotation ©2007 Book News, Inc., Portland, OR

About the Author

Brian Chess is a founder of Fortify Software. He currently serves as Fortify’s Chief Scientist, where his work focuses on practical methods for creating secure systems. Brian holds a Ph.D. in Computer Engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service. He lives in Mountain View, California.


Jacob West manages Fortify Software’s Security Research Group, which is responsible for building security knowledge into Fortify’s products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob worked with Professor David Wagner at the University of California at Berkeley to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.


Table of Contents

Part I: Software Security and Static Analysis (p. 1)

1. The Software Security Problem (p. 3)
2. Introduction to Static Analysis (p. 21)
3. Static Analysis as Part of the Code Review Process (p. 47)
4. Static Analysis Internals (p. 71)

Part II: Pervasive Problems (p. 115)

5. Handling Input (p. 117)
6. Buffer Overflow (p. 175)
7. Bride of Buffer Overflow (p. 235)
8. Errors and Exceptions (p. 265)

Part III: Features and Flavors (p. 295)

9. Web Applications (p. 297)
10. XML and Web Services (p. 349)
11. Privacy and Secrets (p. 379)
12. Privileged Programs (p. 421)

Part IV: Static Analysis in Practice (p. 457)

13. Source Code Analysis Exercises for Java (p. 459)
14. Source Code Analysis Exercises for C (p. 503)

Epilogue (p. 541)

References (p. 545)

Index (p. 559)


Product Details

Authors: Brian Chess and Jacob West
Publisher: Addison-Wesley Professional
Foreword by: Gary McGraw
Subjects: Quality Control; Programming - Software Development; Computer software; Security - General; Software Development & Engineering - General; Computer security; Computer software -- Quality control; Networking - Computer Security
Edition Description: Trade paper
Series: Addison-Wesley Software Security Series
Publication Date: July 2007
Grade Level: Professional and scholarly
Dimensions and weight: 9 x 6.7 x 1.4 in, 998 g


Format: Trade paper, 624 pages, English
ISBN: 9780321424778