Paul Andersen from GrammaTech (the company that develop CodeSonar) share his thought on using both, static and dynamic analysis, to detect vulnerabilities. (read the articles here)
Lots of comments given which share the same thought as me. However, if I were to choose one, I'll definitely use static analysis. As I'm doing research in that area, I do found that we can remove all vulnerabilities related to C overflows at the beginning without using dynamic analysis. Of course there are pros and cons of using dynamic analysis, but the major issue with dynamic analysis which make me choose static analysis instead of dynamic is that the cost of re-write the code of modified the code is higher after the development phase and it can introduce unknown error too.
However, if a company can afford to use both, then I do recommend to use both. BUT, it is hard to choose the tool as all companies claimed their tool have better detection rate.
My experience on my daily works... helping others ease each other
About Me
-
Since I don't have Apple Store Developer Account yet, I can only publish on Android, of which at Google Play Store . Head up if you are... -
You may get the following error when you try to add new user. You have try may solutions as listed in Tableau: https://community.tablea... -
First - Don't trust your VirtualBox Second - Focus on your Terminal only Then follow the instruction here: https://www.danwalker.com...
Labels
- AI
- AI Ethics
- AI Governance and Ethics
- Algorithm
- Analytics
- Android
- Angular
- API
- Apple
- Artificial Intelligent
- Big Data
- Binary
- Blockchain
- Buffer Overflow
- C Programs
- Certification
- Code Project
- Codility
- Community Group
- Comparison
- Competition
- Conference
- Critics
- Cryptography and Encryption
- Dart
- Data
- Data Analysis
- Data Analytics
- Data Integration
- Data Sciences
- Data Visualization
- Database
- ebook
- Education
- Embedded
- Engineering
- ETL
- Flex
- Flutter
- Forum
- Free/OSS
- GIS
- GitHub
- Google Play
- Hackers
- Homestead
- Information Security
- ionic
- Ionic Framework
- IoT
- IP
- IR4.0
- IT Gadget
- IT Jokes
- IT News
- Java
- Javascript
- JDK
- Jenv
- Journal
- Kecerdasan Buatan
- Kepintaran Buatan
- Knowledge Sharing
- Laravel
- Linux
- Mac
- Machine Learning
- Malware
- Market Research
- Melayu
- Microsoft
- Mobile Apps
- Mobile Development
- Mobile World
- MySQL
- Network
- Newsletter
- Open Source
- Patch and Update
- Pentaho
- Personal Opinion
- PHP
- Prediction
- Privacy and Trust
- Program Analysis
- Programming
- Project Management
- Publications
- PWA
- Qualitative Review
- Quiz/Test
- R language
- R Studio
- React
- REST
- Review/Preview
- Robot
- Robotics
- Sample Code
- Sciences
- Scripting Language
- Security Forum/Conference
- Silverlight
- Smart Manufacturing
- Social
- Software Development
- Software Security
- SQL Injection
- Static Analysis
- Symposium
- System
- Tableau
- Talk/Lecture
- Technology
- Tips and Trick
- Tool
- Training
- Typescript
- Visualization
- Vulnerability
- Web Browser
- Web-based application
- White Paper
- Windows Windows 11 Microsoft Experience Technology
Blog Archive
-
▼
2011
(110)
-
▼
December
(38)
- 10+ free tool for static code analysis
- Internet Society Member Newsletter - December 2011
- Google Gmail doesn't meet LAPD security needs
- Top five cloud security tips of 2011
- Methods overloading or overriding
- US and Israel is behind Stuxnet and Duqu Malware -...
- Decoding malware SSL using Burp proxy
- « Public Status Updates Plunged 93% Since Facebook...
- The International Conference on Digital Informatio...
- Five predictions for security in 2012
- Bot Hunter
- Think static analysis cures all ills? Think again.
- Static Analysis versus Dynamic Analysis
- Using C to Blend Mathematics and Art (When Math go...
- Top security incidents of 2011
- Attack in Quantum Network - Is it possible?
- Conference List as of Dec 2011
- Decide - When and What to buy Electronic gadget
- The 10 Most Important Open Source Projects of 2011...
- Linux Job Demand (as of December 2011)
- Seminar on Applications of Cutting-edge Statistica...
- Public key cryptography and security certificates
- Internet Society Launches New Website
- Tips on picking right OSS license
- Analysis of ‘Operation Black Tulip’: Certificate a...
- Research team finds disk encryption foils law enfo...
- Advanced Persistent Threats: Are You at Risk?
- Exposing Direct Database SQL Injection Attacks
- SPIE.org : SPIE Newsroom : Unconditionally secure ...
- Should we be taming social media?
- Carrier IQ faces lawsuits, lawmaker seeks FTC probe
- Malaysian will force IT to be certified.. Is this ...
- Hacking Kindle Fire for Android apps
- Russia: Massive DDoS Attacks Against Independent W...
- Slide for IAS 2011 - Draft Completed
- Bill Gates: Trustworthy Computing
- Effective and Easy Learning Method - 2
- Effective and Easy Learning Method - 1
-
▼
December
(38)
Blogger templates
Copyright ©
Malaysian Developer | Powered by Blogger
Design by FlexiThemes | Blogger Theme by Lasantha - PremiumBloggerTemplates.com | Rapid Domain Search
1 comments:
Security static analysis tools are very effective for detect error in code. Thanks for sharing information.
Post a Comment