However, some problems are difficult to foresee during static analysis. The interaction of multiple functions can produce unanticipated errors that only become apparent during component-level integration, system integration or deployment. Therefore, once the software is functionally complete, dynamic analysis should be performed as well. Dynamic analysis reveals how the application behaves when executed, and how it interacts with other processes and the operating system itself. Static analysis can find errors early in the software development life cycle; dynamic analysis exercises the running code, including against realistic attack inputs. Keep in mind that dynamic analysis only sees the code paths that are actually executed, so its results are only as good as the inputs and test coverage you feed it.
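The following is an added example, not code from the original article, illustrating the point above: two functions that are each correct by their own contract but unsafe when combined. The message format, the function names and the 64-byte payload limit are hypothetical. Instead of actually performing the overflow, the integration function carries the runtime bounds check that a dynamic test (a fuzzed message with an oversized length field) would force you to add; the constructed inputs at the end show a benign message being accepted and an over-long declared length being rejected.

```c
/* Added example (hypothetical message format and function names). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 64

/* Reads the 2-byte big-endian length field from a message header.
 * Reviewed on its own, this is correct: it reports what the header says. */
static size_t parse_declared_length(const uint8_t *msg)
{
    return (size_t)(((unsigned)msg[0] << 8) | msg[1]);
}

/* Copies a payload into a fixed-size buffer. Its documented contract is
 * "len must not exceed PAYLOAD_MAX"; a per-function review accepts that. */
static void copy_payload(uint8_t *dst, const uint8_t *src, size_t len)
{
    memcpy(dst, src, len);
}

/* Integration point: the attacker-controlled declared length flows straight
 * from parse_declared_length into copy_payload. Neither function violates
 * its own contract; the defect exists only in the combination. The runtime
 * check below is what turns a silent overflow into a detectable rejection.
 * Returns the payload length on success, -1 if the message is malformed. */
int process_message(const uint8_t *msg, size_t msg_len, uint8_t *out)
{
    if (msg_len < 2)
        return -1;
    size_t declared = parse_declared_length(msg);
    /* Without this check, declared > PAYLOAD_MAX would overflow 'out',
     * and declared > msg_len - 2 would read past the end of 'msg'. */
    if (declared > PAYLOAD_MAX || declared > msg_len - 2)
        return -1;
    copy_payload(out, msg + 2, declared);
    return (int)declared;
}

/* Constructed inputs (not captured traffic): a benign message whose header
 * declares 5 bytes, and an attack message that declares 200 bytes. */
int run_benign_message(void)
{
    uint8_t msg[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    uint8_t out[PAYLOAD_MAX];
    return process_message(msg, sizeof msg, out);
}

int run_oversized_message(void)
{
    uint8_t msg[2 + 200];
    uint8_t out[PAYLOAD_MAX];
    msg[0] = 0x00;
    msg[1] = 0xC8; /* declared length 200, far beyond PAYLOAD_MAX */
    memset(msg + 2, 'A', 200);
    return process_message(msg, sizeof msg, out);
}
```

A per-function static review of copy_payload sees a caller-enforced precondition and moves on; only running the composed path with an adversarial header makes the missing check visible, which is the gap dynamic analysis is meant to close.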
Finding and fixing programming errors can be time consuming, but it is worth it. In fact, Gartner pegs the cost of removing a security vulnerability during testing at less than 2% of the cost of removing it from a production system. To help you streamline this process, there are numerous code analysis tools available -- many of which are free. If you use Microsoft's development environments, Microsoft offers several free code analysis tools, such as PREfix and PREfast for C/C++ code and FxCop for managed .NET assemblies.
While including static and dynamic code analysis in an application security strategy reduces the risk of vulnerabilities making it into the final version, the following practices can further improve the overall quality and security of your applications:
1. Develop and implement an application security life cycle. Having an application security life cycle in place can reduce the cost of eradicating vulnerabilities and make your efforts more effective. For example, Microsoft found that using its Security Development Lifecycle (SDL) significantly reduced the rate at which security vulnerabilities in its products were discovered externally.
2. Move your security assessment phase into the development phase. Many developers have found that doing so actually reduces overall application development times, because defects are cheaper to fix the closer they are caught to where they were introduced.
3. Repeat the security assessment process whenever the business logic in the application changes. This is necessary to evaluate the impact of those changes on overall application security; a change that is functionally correct can still invalidate an assumption that an earlier assessment relied on.