Home page logo

pen-test logo Penetration Testing mailing list archives

True Source Code Analysis for Security
From: "Maty Siman" <maty () checkmarx com>
Date: Thu, 29 Oct 2009 17:34:13 +0200

Source Code Analysis has become the de facto choice to introduce secure
development as well as gauge inherent software risk. 
The irony is that source code analysis doesn‘t often look at the source at
all. In fact, the majority of the products are using Binary analysis or
byte-code analysis (BCA) created by the compiler. This method saves a great
deal of effort when developing the analysis tools, but lowers drastically
the usability and accuracy of the results. 

This technical paper – with detailed code examples – from Checkmarx research
labs, fills this gap and explains how developers, auditors and cloud
platform providers benefit from the inherent advantages of true source code
analysis tool.


Maty Siman, CISSP
Founder, CTO
Checkmarx Ltd.

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]