
	Home > Better software through debugging and unit testing -- Debugging for security

Learning Guide:

EMAIL THIS

Better software through debugging and unit testing -- Debugging for security

02 Nov 2007 | SearchSoftwareQuality.com

Digg This!

StumbleUpon

Del.icio.us

TABLE OF CONTENTS
   Software debugging basics
   Unit testing basics
   Unit testing, Extreme Programming and TDD
   Debugging for security
   Other useful resources

  Debugging for security

Application security is, unfortunately, still an afterthought in the SDLC. Debugging, however, presents a perfect opportunity to root out security holes. Developers and testers need to keep an eye out for insecurities when scouring their code for bugs.

Source code analysis is a debugging process. Often associated with application security, source code analysis, which includes static analysis and dynamic analysis, is a highly beneficial process.

Tip: Application security expert Kevin Beaver has put together a very compelling list of eight reasons to do source code analysis on your Web application.

Article: Embedded experts: Fix code bugs or cost lives -- The most important reason to debug software. This grim article recounts instances where software glitches resulted in deaths.

Podcast: How source code analysis improves application security -- Application security expert Dan Cornell explains when, how, and with what tools source code analysis should be performed to the greatest benefit.

Tip: What to do after penetration testing: source code analysis -- Kevin Beaver doesn't scrimp on the screen shots or the exposition in this tip.

Book excerpt: Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis -- Proper static analysis requires much of the administrator. This free chapter will help you hone some of your analysis skills and improve your debugging.

Q&A: How static analysis can improve software security -- This interview with Brian Chess, author of Static Analysis as Part of the Code Review Process, sheds more light on the prevalence of application security issues and how techniques such as code analysis can make software more secure.

Expert advice: Code analysis: Which tool is right for you? -- Expert Brad Arkin details what you should look for when selecting a source code analysis tool.

Article: Application security increased by static and dynamic code analysis -- This article includes a more thorough explanation of source code analysis. It highlights the shortcomings of static and dynamic code analysis and how they may be used together.

The next section of this guide has more useful resources on unit testing and debugging.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Software security testing and techniques
	Recipe for successful Web application security testing
	Software quality needs to be a continuous process
	Cloud computing's effect on application security
	Web Security Testing Cookbook sample recipe
	Ajax website security: Don't trust the client
	PCI compliance falls short of assuring website security
	Be aware of SOA application security issues
	Browser security a concern for website development
	Static analysis at the end of the SDLC doesn't work
	Website security improved, but more can be done

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Software Quality Testing - Research and White Papers

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy