From the course: Developing Secure Software


Static analysis

- [Narrator] Static analysis is a type of source code analysis for security. It examines the text of a program. Therefore, you can do the security testing without executing the source code, which is why it's called static. The code you test doesn't have to be fully functional either, because you don't have to run it. Software bugs usually emerge in hard-to-reach states or unusual circumstances. They're also language-specific. For example, memory management is done manually in languages such as C, while it's automated in Java. Static analysis has some significant limitations, too. For example, only a fixed set of bugs can be detected due to its reliance on signatures. If there is no signature for a bug, tools cannot detect it, as in antivirus software. Static analysis produces many false positives, requiring manual inspection to determine if what is detected is truly a bug. There could also be many false negatives, which is particularly dangerous since it gives you a false sense of…
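The narrator's three points (signature-based detection, false positives that need manual review, false negatives that a signature set silently misses) can be seen in a toy scanner. The example below is added for this page and is not code from the course: it is a minimal signature-based static analyzer in Python run over a constructed C snippet. The signature table, the sample source and the list of lines known to be unsafe are all assumptions made up for the demonstration; they are not a real tool's rule set.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed C source for the demonstration (not from the course). Line 4 is a
# comment that mentions strcpy, line 18 uses strcat, which has no signature below.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

/* old code: strcpy(dst, src); replaced in the last release */
void copy_name(char *dst, const char *src) {
    strncpy(dst, src, 64);          /* bounded copy: not flagged */
}

void read_line(char *buf) {
    gets(buf);                      /* unbounded read: signature hit */
}

void greet(char *out, const char *name) {
    sprintf(out, "Hello %s", name); /* unbounded format: signature hit */
}

void log_line(char *buf, const char *msg) {
    strcat(buf, msg);               /* unbounded concat: no signature, so missed */
}
"""

# Assumed signature table: function name -> why a call to it is reported.
SIGNATURES = {
    "gets": "unbounded read into a caller-supplied buffer",
    "strcpy": "unbounded string copy",
    "sprintf": "unbounded formatted write",
}

# Ground truth for the constructed sample, as a human reviewer would establish it.
KNOWN_UNSAFE_LINES = {10, 14, 18}

COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)


@dataclass
class Finding:
    line: int
    func: str
    reason: str
    text: str


def strip_comments(source: str) -> str:
    """Blank out /* ... */ comments, keeping newlines so line numbers stay aligned."""
    return COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), source)


def scan(source: str, signatures: dict[str, str] = SIGNATURES, strip: bool = False) -> list[Finding]:
    """Report every line containing a call to a function in the signature table.

    With strip=False the scanner is purely textual and also fires inside comments,
    which is where the false positive in the sample comes from.
    """
    if strip:
        source = strip_comments(source)
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for func, reason in signatures.items():
            # Require an identifier boundary and an opening parenthesis so that
            # "strcpy" does not match the bounded "strncpy" on line 6.
            if re.search(r"\b" + re.escape(func) + r"\s*\(", line):
                findings.append(Finding(lineno, func, reason, line.strip()))
    return findings


def evaluate(findings: list[Finding], known_unsafe: set[int]) -> tuple[set[int], set[int], set[int]]:
    """Split reported line numbers into true positives, false positives and false negatives."""
    reported = {f.line for f in findings}
    return reported & known_unsafe, reported - known_unsafe, known_unsafe - reported


if __name__ == "__main__":
    for label, strip in (("textual scan", False), ("comments stripped", True)):
        found = scan(SAMPLE_C, strip=strip)
        tp, fp, fn = evaluate(found, KNOWN_UNSAFE_LINES)
        print(f"{label}: reported={sorted(f.line for f in found)} "
              f"true_positives={sorted(tp)} false_positives={sorted(fp)} false_negatives={sorted(fn)}")
        for f in found:
            print(f"  line {f.line}: {f.func} ({f.reason}): {f.text}")
```

Running it shows the purely textual scan reporting line 4 (a comment) alongside the real hits on lines 10 and 14; stripping comments removes that false positive, but neither mode ever reports line 18, because strcat is not in the signature table. That missed line is the false negative the narrator warns about: the tool's silence says nothing about code it has no rule for.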
