Software Integrity

Archive for 2004

 

Static analysis for security

Originally published in IEEE Security & Privacy. All software projects are guaranteed to have one artifact in common—source code. Together with architectural risk analysis[1], code review for security ranks very high on the list of software security best practices (see Figure 1[2]). Here, we’ll look at how to automate source code security analysis with static […]


Posted in Software Security Testing, Static Analysis (SAST)

 

Software security testing

Originally published in IEEE Security and Privacy Magazine. Security testing has recently moved beyond the realm of network port scanning to include probing software behavior as a critical aspect of system behavior (see the sidebar). Unfortunately, testing software security is a commonly misunderstood task. Security testing done properly goes deeper than simple black-box probing on the […]


Posted in Application Security, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

 

Risk analysis in software design

Originally published in IEEE Security and Privacy Magazine. Risk analysis is often viewed as a “black art”—part fortune telling, part mathematics. Successful architecture risk analysis, however, is nothing more than a business-level decision-support tool: it’s a way of gathering the requisite data to make a good judgment call based on knowledge about vulnerabilities, threats, impacts, and probability. Established risk-analysis […]


Posted in Security Architecture, Security Risk Assessment, Software Architecture and Design

 

Software security

Originally published in IEEE Security and Privacy Magazine. Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking’s importance, but they need some help in understanding how to tackle it. This new department aims to provide that help by exploring software security […]


Posted in Application Security, Software Security Testing