YoVDO

Choosing the Right Static Code Analyzers Based on Hard Data

Offered By: LASCON via YouTube

Tags

Static Code Analysis Courses Programming Languages Courses Cybersecurity Courses Software Testing Courses Software Engineering Courses Code Quality Courses Software Security Courses Benchmarking Courses

Course Description

Overview

Explore a comprehensive analysis of static code analyzers in this 34-minute LASCON conference talk. Delve into research funded by the U.S. Department of Homeland Security aimed at developing unbiased methods for assessing and comparing static analyzer products. Learn about a new, freely-available website presenting the research findings and plans to track detectable weakness types. Discover key properties to consider when integrating analyzers into development pipelines, including coverage, results quality, and benchmarking using real code. Gain insights into the challenges and future plans for improving static code analysis, and contribute your feedback on important information and capabilities in this field.

Syllabus

Introduction
Overview
What is static analysis
What is static analysis good for
Buffer overruns
Consumer reports for static analyzers
Basic Information
Process Integration
Where to Run
Inputs
Reporting
Documentation
Coverage
Results Quality
Compare Platform
Test Suites
Credit
Block Diagram
Challenges
Website


Taught by

LASCON

Related Courses

Secure Android App Development
University of Southampton via FutureLearn DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning Microsoft DevOps Solutions: Developing Security and Compliance
Pluralsight Using Security Analysis Tools to Protect ASP.NET and ASP.NET Core Applications
Pluralsight DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight