Better software through debugging and unit testing -- Debugging for security

TABLE OF CONTENTS    Software debugging basics    Unit testing basics    Unit testing, Extreme Programming and TDD    Debugging for security    Other useful resources

Debugging for security

Application security is, unfortunately, still an afterthought in the SDLC. Debugging, however, presents a perfect opportunity to root out security holes. Developers and testers need to keep an eye out for insecurities when scouring their code for bugs.

Source code analysis is a debugging process. Often associated with application security, source code analysis, which includes static analysis and dynamic analysis, is a highly beneficial process.

• Tip: Application security expert Kevin Beaver has put together a very compelling list of eight reasons to do source code analysis on your Web application.



• Article: Embedded experts: Fix code bugs or cost lives -- The most important reason to debug software. This grim article recounts instances where software glitches resulted in deaths.



• Podcast: How source code analysis improves application security -- Application security expert Dan Cornell explains when, how, and with what tools source code analysis should be performed to the greatest benefit.



• Tip: What to do after penetration testing: source code analysis -- Kevin Beaver doesn't scrimp on the screen shots or the exposition in this tip.



• Book excerpt: Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis -- Proper static analysis requires much of the administrator. This free chapter will help you hone some of your analysis skills and improve your debugging.



• Q&A: How static analysis can improve software security -- This interview with Brian Chess, author of Static Analysis as Part of the Code Review Process, sheds more light on the prevalence of application security issues and how techniques such as code analysis can make software more secure.



• Expert advice: Code analysis: Which tool is right for you? -- Expert Brad Arkin details what you should look for when selecting a source code analysis tool.



• Article: Application security increased by static and dynamic code analysis -- This article includes a more thorough explanation of source code analysis. It highlights the shortcomings of static and dynamic code analysis and how they may be used together.

The next section of this guide has more useful resources on unit testing and debugging.