Skip to Content
Secure Programming with Static Analysis
book

Secure Programming with Static Analysis

by Brian Chess, Jacob West
June 2007
Intermediate to advanced
624 pages
16h 18m
English
Addison-Wesley Professional
Content preview from Secure Programming with Static Analysis

4. Static Analysis Internals

Those who say it cannot be done should not interrupt the people doing it.

–CHINESE PROVERB

This chapter is about what makes static analysis tools tick. We look at the internal workings of advanced static analysis tools, including data structures, analysis techniques, rules, and approaches to reporting results. Our aim is to explain enough about what goes into a static analysis tool that you can derive maximum benefit from the tools you use. For readers interested in creating their own tools, we hope to lay enough groundwork to provide a reasonable starting point.

Regardless of the analysis techniques used, all static analysis tools that target security function in roughly the same way, as shown in Figure 4.1. They ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

You might also like

Secure Programming Cookbook for C and C++

Secure Programming Cookbook for C and C++

John Viega, Matt Messier
Secure Coding: Principles and Practices

Secure Coding: Principles and Practices

Mark G. Graff, Kenneth R. van Wyk
Hands-On Security in DevOps

Hands-On Security in DevOps

Tony Hsiang-Chih Hsu
Securing DevOps

Securing DevOps

Julien Vehent

Publisher Resources

ISBN: 9780321424778Purchase book