Static Analysis Tools

December 2004

The Security Report is a monthly publication that provides an in-depth analysis of the techniques and tools that a hacker could use to compromise our customers’ computer systems. It also presents practices and procedures our customers can use to secure and protect their systems from attacks. Each Security Report covers one major security issue in detail.

Introduction:

Static analyzers are used to discover hard-to-find programming errors before run time, when such errors may be more difficult or impossible to find. This class of tool can discover many logic and security errors in an application without executing the compiled application. Unlike dynamic analysis tools, which inspect the application's state while it is executing, static analysis tools do not require the application to be compiled or run; bugs are found by analyzing the source code directly. In this Security Report we discuss the history of static analyzers, the reasons to use static analysis to discover and fix security vulnerabilities, the strengths and limitations of static analysis, and who should use static analysis tools. Finally, we examine a great example of a static analysis tool, Klocwork inSpect, and probe in more detail how it is used and how to get the most out of static analysis techniques.
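To make the "analyze the source, never execute it" idea concrete, here is a small static analyzer added as an illustration for this report. It is not Klocwork inSpect and not code from Security Innovation; it is a toy checker written for this page. It parses Python source text into an abstract syntax tree with the standard `ast` module and walks the tree looking for calls that hand non-constant data to a shell (`os.system`, `subprocess.*` with `shell=True`) or to the interpreter (`eval`, `exec`). The sink lists, the `Finding` type and the `SAMPLE_SOURCE` program it scans are all constructed for the example; the sample is never imported or run, which is exactly the property that lets a static tool report line 4 before anyone ever calls `run_report`.

```python
"""Toy static analyzer: flags dangerous calls by walking the AST of source
text it never executes.  Added example for this report, not Klocwork inSpect."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Sinks that always pass a string to a shell: risky whenever the command is not a constant.
SHELL_SINKS = {"os.system", "os.popen"}
# subprocess entry points: risky only when shell=True and the command is not a constant.
SUBPROCESS_SINKS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
                    "subprocess.check_output", "subprocess.check_call"}
# Sinks that evaluate text as code.
CODE_SINKS = {"eval", "exec"}


@dataclass
class Finding:
    line: int      # 1-based line in the analyzed source
    rule: str      # short rule id
    message: str   # human-readable explanation


def _qualified_name(call: ast.Call) -> Optional[str]:
    """Return 'mod.func' or 'func' for the callee, or None if it is computed dynamically."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def _is_constant(node: Optional[ast.AST]) -> bool:
    """A literal argument cannot carry attacker-controlled data."""
    return isinstance(node, ast.Constant)


def _shell_true(call: ast.Call) -> bool:
    """True when the call passes the literal keyword shell=True."""
    return any(kw.arg == "shell" and _is_constant(kw.value) and kw.value.value is True
               for kw in call.keywords)


class SinkVisitor(ast.NodeVisitor):
    """Visits every Call node and records the ones that match a sink rule."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _qualified_name(node)
        first = node.args[0] if node.args else None
        if name in SHELL_SINKS and not _is_constant(first):
            self.findings.append(Finding(node.lineno, "shell-command",
                                         f"{name}() called with a non-constant command"))
        elif name in SUBPROCESS_SINKS and _shell_true(node) and not _is_constant(first):
            self.findings.append(Finding(node.lineno, "shell-command",
                                         f"{name}(shell=True) called with a non-constant command"))
        elif name in CODE_SINKS and not _is_constant(first):
            self.findings.append(Finding(node.lineno, "code-eval",
                                         f"{name}() called with non-constant source"))
        self.generic_visit(node)  # keep walking: calls can be nested inside calls


def analyze(source: str) -> List[Finding]:
    """Parse the text and return findings ordered by line.  Nothing is executed."""
    visitor = SinkVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample program under analysis.  It is only ever parsed, never run.
SAMPLE_SOURCE = """\
import os, subprocess

def run_report(user_input):
    os.system("ls -l " + user_input)                  # flagged: user text reaches a shell
    subprocess.run(["ls", "-l"], check=True)          # fine: argv list, no shell
    eval("1 + 1")                                     # fine: constant source text
    subprocess.run("ls " + user_input, shell=True)    # flagged: shell=True, non-constant
    return eval(user_input)                           # flagged: user text evaluated as code
"""


if __name__ == "__main__":
    for finding in analyze(SAMPLE_SOURCE):
        print(f"line {finding.line}: [{finding.rule}] {finding.message}")
```

Running the module reports lines 4, 7 and 8 of the sample and stays silent on lines 5 and 6, which shows both halves of the trade-off the report goes on to discuss: the analyzer finds the three real problems without ever building or running the program, but it reasons only about syntax, so a constant-looking argument assembled elsewhere would slip past it and a reviewer still has to confirm that each flagged line is reachable with untrusted input.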


Provided by: Security Innovation, The Application Security Company