All Research Sponsored By:Klocwork

Defend Against Injection-based Attacks
WHITE PAPER: This paper provides a detailed description of injection vulnerabilities, discusses how they present themselves to both end users and software developers, and explains mitigation strategies to help resolve the various types of injection attacks.
Posted: 27 Dec 2013 | Published: 27 Dec 2013


Challenging Some of the Myths About Static Code Analysis
WHITE PAPER: This paper addresses common myths surrounding static code analysis and explains what the technology can do for developers and the software development lifecycle.
Posted: 27 Dec 2013 | Published: 30 Nov 2013


Course: Insecure Temporary Files (CWE-377)
WEBCAST: This course begins with an overview of the use of insecure temporary files vulnerability and its common causes. A technical description of the issue is presented along with code examples to show the vulnerability. Finally, the course describes the remediation strategies used to mitigate the weakness described by CWE-377.
Posted: 13 Nov 2013 | Premiered: Nov 13, 2013


Course: Improper Validation of Array Index (CWE-129)
WEBCAST: This course begins with an overview of improper validation of array indices. It describes the security impact of the weakness and provides a technical description of the issue, along with code examples to show the vulnerability. Finally, the course describes the remediation strategies available to mitigate the weakness described by CWE-129.
Posted: 13 Nov 2013 | Premiered: Nov 13, 2013


Course: Exposure of System Data to an Unauthorized Control Sphere (CWE-497)
WEBCAST: Access this resource for an overview of an online course on CWE-497, which discusses the weaknesses caused by exposure of system data to an unauthorized control sphere. Learn the security impact of this weakness with examples of code to demonstrate the danger to your application security.
Posted: 08 Nov 2013 | Premiered: Nov 8, 2013


Introduction to Secure Coding for C/C++
RESOURCE CENTER: When budgets, customers and reputations are at stake, software developers need every available tool to ensure that applications and code are as secure as possible. Going a step above and beyond, this interactive online learning center provides detailed lessons for securing C/C++ code.
Posted: 19 Sep 2011 | Published: 19 Sep 2011


Securing Embedded Software with Threat Modeling
PRESENTATION TRANSCRIPT: This presentation transcript explains threat modeling for embedded software and how it can be used as part of a strategy for creating more secure embedded software.
Posted: 02 Sep 2011 | Published: 02 Sep 2011


Introducing the Agile Desktop: Achieve high velocity with the Klocwork C/C++ developer's desktop
WHITE PAPER: As Agile is embraced by development organizations everywhere, the need to produce clean, maintainable software quickly is great. To achieve development agility, developers must maintain velocity, eliminate bug debt, and focus on peer interaction. Read this paper to learn how to automate time consuming development activities to boost productivity.
Posted: 22 Feb 2010 | Published: 01 Nov 2009