PPT-Static Analysis Tools

PREfast for Drivers Donn Terry Software Design Engineer Microsoft Corporation Key Takeaways Be a leader in advancing 64bit computing Adopt best practices and new tools Lets partner on new hardware directions. http://www.imagix.com The quality checks and software metrics produced by Imagix 4D enable you to identify potential problems during the development and maintenance of your source code. By identifying and correcting the problem areas, you're able to improve the reliability, portability, and maintainability of your software. Presented by Justin Samuel. For UW CSE 504, Spring ‘10. Instructor: Ben Livshits. Finding Security Vulnerabilities in Java Applications with Static Analysis. V. Benjamin Livshits and Monica S. Lam. Andreas Fuchsberger. Information Security Technologist. Microsoft. Agenda. Code Analysis/Code Inspection. Motivation. Static Code Analysis. History. Current technologies. CAT.NET. How CAT.NET works. Installation. Testing Without Executing the Code. Pavlina Koleva. Junior QA Engineer. WinCore. . .  . Telerik QA Academy. Table of Contents. Static . Techniques – Main Concepts. Static Analysis by . It’ll shock you!. What is Electricity?. The movement of charges (electrons). Can be passed (current). or Stationary (static). Electrostatics. = the study. o. f static electricity. Differences?. Static Electricity: . motherboard. , . RAM. , and other . electronic circuitry. inside a computer. . By placing her hand on a Van de Graaff generator, this girl has positively charged her hair, causing her individual hairs to repel each other. . Engler. , . Lujo. . Bauer. , Michelle . Mazurek. http://philosophyofscienceportal.blogspot.com/2013/04/van-de-graaff-generator-redux.html. Static analysis. Current Practice. Testing: . Check correctness on set of inputs. 7.1: Static Charge/Electricity pp. 228. Refers to electric charges that can be collected and held in one place.. “static” means stationary or not moving. Is the temporary transfer of electrons (e-).. Accelerating Dynamic Analysis through Predicated Static Analysis. David Devecsery. , Peter Chen, Jason Flinn, Satish Narayanasamy. Systems Today are Unsafe. Runtime systems are largely unmonitored.. *. The Good, the Bad, and the Ugly. . Andy . Earle. Hewlett-Packard Enterprise. Security . Solutions Architect. Who am I?. Andy Earle. CISSP, CSSLP, CEH. HPE . Fortify. Application Security Solutions Architect / Presales Engineer. Accelerating Dynamic Analysis through Predicated Static Analysis. David Devecsery. , Peter Chen, Jason Flinn, Satish Narayanasamy. Systems Today are Unsafe. Runtime systems are largely unmonitored.. for Security and Privacy. Manuel . Egele. megele@cmu.edu. Carnegie Mellon University. Mobile Devices are Ubiquitous. 400 . million . iOS. devices . in . total. (June 2012). 400 million Android devices in . Chapter 2: Malware Analysis in Virtual Machines. Chapter 3: Basic Dynamic Analysis. Chapter 1: Basic Static Techniques. Static analysis. Examine payload without executing it to determine function and maliciousness. Claire Le Goues. 2015 (c) C. Le Goues. 1. Learning goals. Really understand control- and data-flow analysis.. Receive a high-level introduction to more formal proving tools.. Develop evidence-based recommendations for how to deploy analysis tools in your project or organization..