Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Improving Computer Security Using Extended Static Checking
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Risk Analysis in Software Design
IEEE Security and Privacy
IEEE Security and Privacy
OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
IEEE Security and Privacy
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Software Security Analysis - Execution Phase Audit
EUROMICRO '05 Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications
Putting the Tools to Work: How to Succeed with Source Code Analysis
IEEE Security and Privacy
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Using groupings of static analysis alerts to identify files likely to contain field failures
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Using groupings of static analysis alerts to identify files likely to contain field failures
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
Effect of static analysis tools on software security: preliminary investigation
Proceedings of the 2007 ACM workshop on Quality of protection
ISA: a source code static vulnerability detection system based on data fusion
Proceedings of the 2nd international conference on Scalable information systems
Evaluating the cost reduction of static code analysis for software security
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Source Code Verification Tools for Software Security Bugs
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Predicting software defect density: a case study on automated static code analysis
XP'07 Proceedings of the 8th international conference on Agile processes in software engineering and extreme programming
Event-based input validation using design-by-contract patterns
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Information and Software Technology
An architecture-centric approach to detecting security patterns in software
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
JSquash: source code analysis of embedded database applications for determining SQL statements
INAP'09 Proceedings of the 18th international conference on Applications of declarative programming and knowledge management
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
A method of software defects mining based on static analysis
IEA/AIE'12 Proceedings of the 25th international conference on Industrial Engineering and Other Applications of Applied Intelligent Systems: advanced research in applied artificial intelligence
Exposing security risks for commercial mobile devices
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Detecting control flow in smarphones: combining static and dynamic analyses
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
An enhanced security mechanism for web service based systems
ICPCA/SWS'12 Proceedings of the 2012 international conference on Pervasive Computing and the Networked World
A comparative evaluation of static analysis actionable alert identification techniques
Proceedings of the 9th International Conference on Predictive Models in Software Engineering
Secure development tool adoption in open-source
Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity
All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Here, we'll look at how to automate source-code security analysis with static analysis tools.