All Research Sponsored By:Klocwork
-
Defend Against Injection-based Attacks
This paper provides a detailed description of injection vulnerabilities, discusses how they present themselves to both end users and software developers, and explains mitigation strategies to help resolve the various types of injection attacks.
-
Challenging Some of the Myths About Static Code Analysis
This paper addresses common myths surrounding static code analysis and explains what the technology can do for developers and the software development lifecycle.
-
Course: Insecure Temporary Files (CWE-377)
This course begins with an overview of the use of insecure temporary files vulnerability and its common causes. A technical description of the issue is presented along with code examples to show the vulnerability. Finally, the course describes the remediation strategies used to mitigate the weakness described by CWE-377.
-
Course: Improper Validation of Array Index (CWE-129)
This course begins with an overview of improper validation of array indices. It describes the security impact of the weakness and provides a technical description of the issue, along with code examples to show the vulnerability. Finally, the course describes the remediation strategies available to mitigate the weakness described by CWE-129.
-
Course: Exposure of System Data to an Unauthorized Control Sphere (CWE-497)
Access this resource for an overview of an online course on CWE-497, which discusses the weaknesses caused by exposure of system data to an unauthorized control sphere. Learn the security impact of this weakness with examples of code to demonstrate the danger to your application security.
-
Introduction to Secure Coding for C/C++
When budgets, customers and reputations are at stake, software developers need every available tool to ensure that applications and code are as secure as possible. Going a step above and beyond, this interactive online learning center provides detailed lessons for securing C/C++ code.
-
Securing Embedded Software with Threat Modeling
This presentation transcript explains threat modeling for embedded software and how it can be used as part of a strategy for creating more secure embedded software.
-
Introducing the Agile Desktop: Achieve high velocity with the Klocwork C/C++ developer's desktop
As Agile is embraced by development organizations everywhere, the need to produce clean, maintainable software quickly is great. To achieve development agility, developers must maintain velocity, eliminate bug debt, and focus on peer interaction. Read this paper to learn how to automate time consuming development activities to boost productivity.