Secure Development with Static Analysis

Presented at REcon 2006, June 17, 2006, 9:30 a.m. (60 minutes).

Static source code analysis has evolved rapidly in the past few years into a powerful developmental aid. However, many developers' perceptions of static analysis are incorrect. Analysis techniques are more advanced than many people realize, but also not the magic bullet many hope for. Successful utilization and integration of static analysis requires understanding its possibilities and limits. This talk is primarily targeted at security concious software developers and consultants. It's intended to be vendor-neutral, and will cover commerical and academic (including free/open source) tools.

Presenters:

• Ted Unangst
  Ted Unangst has been working on and with static analysis tools since 2001, when he started working with Stanford's Metacompilation group, and is presently a software engineer at Coverity, makers of advanced source code analysis solutions. He is also an OpenBSD developer.

Links:

• http://2006.recon.cx/en/s/tunangst.html
• https://infocon.org/cons/REcon/REcon 2006/REcon 2006 videos/Ted Unangst-Secure development with static analysis 512kb.mp4

Similar Presentations:

• Black Hat USA 2011 / Sticking to the Facts: Scientific Study of Static Analysis Tools
• AppSec USA 2016 / Practical Static Analysis for Continuous Application Security
• ShmooCon IX (2013) / Mastiff: Automated Static Analysis Framework