Penetration Testing mailing list archives
Re: True Source Code Analysis for Security
From: Jason Ross <algorythm () gmail com>
Date: Tue, 3 Nov 2009 01:28:52 -0500
On Thu, Oct 29, 2009 at 10:34 AM, Maty Siman <maty () checkmarx com> wrote:
> This technical paper – with detailed code examples – from Checkmarx research labs, fills this gap and explains how developers, auditors and cloud platform providers benefit from the inherent advantages of true source code analysis tool.
>
> http://www.checkmarx.com/NewsDetails.aspx?id=27&cat=3
>
> Maty Siman, CISSP
> Founder, CTO
> Checkmarx Ltd.
> www.checkmarx.com

I was all set to call foul and shun this as spam but decided to give the paper a look-through first.

FWIW, while there's not a lot of real meat to the doc, there's also no direct "buy our junk" either.

I do think the sample code is a bit unfair (e.g. putting in non-compiling code and claiming that because it doesn't compile it won't be analyzed correctly. Since that same code would need to compile in order for the app to be used, the bugs causing compilation to fail would be fixed, at which point the binary analysis could resume.)

That said, I don't disagree with the premise: manual > automated, especially in a maze of twisty passages, like source code analysis.

--
Jason