Secure Programming with Static Analysis


Brian Chess, Jacob West


Buy from Amazon

Almost finished reading the book and I would never look at any source code again without security in mind. The first chapters describe how static analysis tools work. Later chapters on buffer overflows are excellent although with some minor typos. Web programming chapters on HTTP, XML, services, privacy and privilege were very illuminating. I was very eager to buy this book because I had been developing parts of C++ static code analysis tool for Programming Research (PRQA C++) 5 years ago although at that time the company didn't anticipate this market segment. Highly recommended for software engineers developing new or maintaining old software and security engineers performing code reviews.