12 Days of Coding Errors


Parasoft © 2013 1

2013-12-20

Arthur Hicken – Parasoft

December 2013


GoToWebinar Housekeeping

Your Participation

• Open and hide your control panel
• Join audio:
  – Choose “Mic & Speakers” to use VoIP
  – Choose “Telephone” and dial using the information provided
• Submit questions and comments via the Questions panel

Note: Today’s presentation is being recorded and will be provided within a week.


1 Overloaded System

Know the load you need:
• Normal
• Peak

Test before deploying

Isolate each component (Service Virtualization)


2 Text Editors

Text editors

• VI

• Emacs

Modern editors:

• Save Time

• Reduce bugs

• Increase understanding


Results where they’re needed

Email is not an IDE

A browser is not an IDE

Tasks distributed automatically to the developer’s IDE


3 Accidental assignments

if (a = b) { ... }        // assignment, not comparison: compiles in C/C++ (and in Java when a and b are boolean); the branch tests the assigned value
if (a == b) { ... }       // the intended comparison of primitives (or of references)
if (a.equals(b)) { ... }  // Java: compare object contents; == on objects only compares references

Enable compiler warnings (e.g. -Wparentheses) or a static analysis rule so the first form is flagged, not shipped.


4 Plaintext Passwords

Sensitive data must be protected both when sending it (TLS on the wire, never plain HTTP or plain SMTP) and when storing it.

Passwords are a special case: store only a salted, slow, one-way hash (bcrypt, scrypt, Argon2 or PBKDF2), never plaintext and never a reversible encryption, so a leaked database does not hand out working credentials.

Enforce reasonable passwords: a minimum length and a check against common or breached passwords.


5 SQLi

Common

Easy to exploit

Easy to prevent:
• Parameterized queries (prepared statements): input is bound as a value, never spliced into the SQL text
• Data validation (allow-lists) as defense in depth, not as the only control
• Stored procedures, but only if they do not build dynamic SQL from their arguments internally
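An added example (not from the original slides) showing why string-built SQL is "easy to exploit" and a parameterized query is "easy to prevent", using Python's built-in sqlite3 module on an in-memory database with a constructed users table. The allow-list validator shows the defense-in-depth layer; the same attack string that dumps every row from the concatenated query returns nothing from the bound one.

```python
import sqlite3

# Constructed sample rows (not real data).
USERS = [("alice", "hash-1"), ("bob", "hash-2"), ("carol", "hash-3")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # String concatenation: whatever the user typed becomes part of the SQL grammar.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the driver sends `name` as a bound value; it can never change the statement.
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def is_valid_username(name: str) -> bool:
    # Allow-list validation (letters, digits, underscore, 1-32 chars). Defense in depth only:
    # it rejects this payload, but binding parameters is what actually closes the hole.
    return 1 <= len(name) <= 32 and name.isascii() and name.replace("_", "").isalnum()


def demo() -> dict:
    conn = make_db()
    payload = "' OR '1'='1"  # classic tautology payload
    return {
        "honest_vulnerable": lookup_vulnerable(conn, "alice"),
        "injected_vulnerable": sorted(lookup_vulnerable(conn, payload)),
        "injected_safe": lookup_safe(conn, payload),
        "payload_passes_validation": is_valid_username(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated statement becomes `SELECT name FROM users WHERE name = '' OR '1'='1'`, which is true for every row. A stored procedure helps only when it behaves like `lookup_safe` inside; one that does `EXEC('... WHERE name = ''' + @name + '''')` is the vulnerable version with an extra layer of indirection.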


6 Unstable builds

Non-repeatable builds

Human steps required

Artifacts not all under control

Environment not under control


7 Memory Errors

Overwrites:
• Read overflow
• Write overflow
• Buffer underrun

Lucky pointers (invalid pointers that happen to work)

Uninitialized memory

Dangling references


8 Unhandled exceptions

When to handle, when to re-throw

Run-time vs compile-time checking

Empty handlers
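An added example (not from the original slides) of the "when to handle, when to re-throw" decision and of the empty-handler anti-pattern, written in Python: a config loader that swallows everything versus one that handles only the failure it can resolve (missing file has a defined default), translates the failure the caller must know about (corrupt file) into a domain error that keeps the cause, and lets everything else propagate. The ConfigError type, DEFAULTS and the temp files are constructed for the example. In Python every exception is checked at run time; in Java the same decision is forced at compile time for checked exceptions, but the reasoning is identical.

```python
import json
import os
import tempfile


class ConfigError(Exception):
    """Domain error raised for a config file the application cannot use (example type)."""


DEFAULTS = {"timeout": 30}  # constructed default configuration


def load_config_swallowing(path: str) -> dict:
    # The empty handler: every failure, including a typo in the file, a permission
    # problem or a bug in this function, silently becomes "use the defaults".
    try:
        with open(path) as f:
            return json.load(f)
    except Exception:
        pass
    return dict(DEFAULTS)


def load_config(path: str) -> dict:
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        # Handle: a missing file has a well-defined meaning at this layer.
        return dict(DEFAULTS)
    except json.JSONDecodeError as e:
        # Re-throw, translated: the caller cannot act on a JSON parser error, but must
        # not run with guessed settings. `from e` preserves the original traceback.
        raise ConfigError(f"{path}: malformed JSON at line {e.lineno}") from e
    # Anything else (PermissionError, IsADirectoryError, ...) propagates untouched.


def demo() -> dict:
    workdir = tempfile.mkdtemp()
    bad = os.path.join(workdir, "bad.json")
    with open(bad, "w") as f:
        f.write("{timeout: 30}")  # constructed malformed JSON (unquoted key)
    missing = os.path.join(workdir, "does-not-exist.json")
    results = {
        "swallowed": load_config_swallowing(bad),  # typo silently hidden
        "missing": load_config(missing),           # defined fallback
    }
    try:
        load_config(bad)
        results["strict"] = "no error"
    except ConfigError as e:
        results["strict"] = type(e.__cause__).__name__  # cause preserved for debugging
    os.unlink(bad)
    os.rmdir(workdir)
    return results


if __name__ == "__main__":
    print(demo())
```

Catching a broad `Exception` is only acceptable at a real boundary (a request handler, a thread's top level) where the handler logs the full exception and fails the unit of work; a handler whose body is `pass` or a bare log-and-continue in the middle of a computation turns a crash into silent wrong behaviour, which is worse.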


9 Race Conditions

Hard to find

Hard to reproduce

Careful API use
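An added example (not from the original slides) of the commonest race in application code, check-then-act: a balance is tested and then debited as two separate steps, so two threads can both pass the check and overdraw the account. The Account class, the amounts and the thread counts are constructed for the example. The racy version is written to make the window wide enough that the overdraft is usually visible on a run, which is exactly the "hard to reproduce" point: without the yield it would still be wrong, just rarely.

```python
import threading
import time


class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int) -> bool:
        if self.balance >= amount:     # check ...
            time.sleep(0)              # yield: widens the window another thread can slip into
            self.balance -= amount     # ... act, on a balance that may no longer be what we checked
            return True
        return False

    def withdraw_safe(self, amount: int) -> bool:
        with self._lock:               # check and act are one atomic step under the lock
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def hammer(withdraw, threads: int = 8, attempts: int = 50, amount: int = 10) -> int:
    """Run `withdraw(amount)` concurrently from several threads; return how many succeeded."""
    successes = [0] * threads

    def worker(i: int) -> None:
        for _ in range(attempts):
            if withdraw(amount):
                successes[i] += 1

    workers = [threading.Thread(target=worker, args=(i,)) for i in range(threads)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    return sum(successes)


def demo() -> dict:
    racy = Account(100)
    racy_ok = hammer(racy.withdraw_racy)
    safe = Account(100)
    safe_ok = hammer(safe.withdraw_safe)
    return {
        "racy_successes": racy_ok, "racy_balance": racy.balance,   # typically > 10 and negative
        "safe_successes": safe_ok, "safe_balance": safe.balance,   # always 10 and 0
    }


if __name__ == "__main__":
    print(demo())
```

"Careful API use" means the same thing for files, sockets and databases: a separate existence check before an open or insert is a race (TOCTOU); use the single call that checks and acts atomically (`open(..., "x")`, `INSERT ... ON CONFLICT`, compare-and-swap) or hold the lock across both steps.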


10 False Positives

Proper Configuration

Proper Rules

Proper Suppressions

Leaving noise in the results leads to missing real issues


Doing too much

Too many rules

Too much code

Unimportant rules


11 Memory Leaks

All software leaks

Resources, not just memory

Proper API use

Runtime debugger with good test suite
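An added example (not from the original slides) of "resources, not just memory" and "runtime debugger with good test suite": a reader that leaks a file handle next to one that uses a context manager, plus a test helper that turns CPython's normally-silent ResourceWarning for unclosed files into a boolean a test suite can assert on. The readers, the temp file and its contents are constructed for the example.

```python
import gc
import os
import tempfile
import warnings


def read_leaky(path: str) -> str:
    f = open(path)  # never closed: the descriptor lives until the garbage collector gets to it
    return f.read()


def read_clean(path: str) -> str:
    with open(path) as f:  # closed on every exit path, including exceptions
        return f.read()


def leaks_file_handle(reader, path: str) -> bool:
    """Run `reader(path)` and report whether CPython warned about an unclosed file.

    ResourceWarning is ignored by the default filters, so a leak is invisible in
    production; enabling it under test is the cheap runtime check for this class of bug.
    """
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always", ResourceWarning)
        reader(path)
        gc.collect()  # force collection in case the file object survived inside a cycle
    return any(issubclass(w.category, ResourceWarning) for w in caught)


def demo() -> tuple:
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write("constructed sample data\n")
    try:
        return (leaks_file_handle(read_leaky, tmp.name), leaks_file_handle(read_clean, tmp.name))
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    leaky, clean = demo()
    print(f"read_leaky leaks: {leaky}")   # True
    print(f"read_clean leaks: {clean}")   # False
```

The same idea scales: run the test suite with `python -W error::ResourceWarning` (or `-X dev`) and every unclosed file, socket or subprocess pipe becomes a failing test instead of a slow descriptor exhaustion in production. In C/C++ the equivalent is running the suite under a leak-checking runtime (Valgrind, AddressSanitizer/LeakSanitizer, or a commercial runtime error detector).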


12 Null Pointers

Affect stability

Important for APIs

Can be prevented
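An added example (not from the original slides) of the three null-pointer points in Python terms, where the crash is an AttributeError on None rather than a NullPointerException: a naive dereference chain that falls over when any link is missing; an API that makes "absent" explicit with Optional and checks each link; a collection-returning API that returns an empty list rather than None so callers never need a check; and a boundary function that fails fast with a clear error instead of deep inside. The User/Profile types and the DIRECTORY data are constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Profile:
    email: Optional[str] = None


@dataclass
class User:
    name: str
    profile: Optional[Profile] = None


# Constructed sample directory covering every way the chain can be broken.
DIRECTORY = {
    "alice": User("alice", Profile("alice@example.com")),
    "bob": User("bob", Profile()),   # profile present, email missing
    "carol": User("carol"),          # no profile at all
}


def find_user(name: str) -> Optional[User]:
    return DIRECTORY.get(name)       # Optional in the signature: callers must expect None


def contact_email_naive(name: str) -> str:
    # Dereferences every link without checking: AttributeError for "carol" or any unknown name.
    return find_user(name).profile.email


def contact_email(name: str) -> Optional[str]:
    user = find_user(name)
    if user is None or user.profile is None:
        return None
    return user.profile.email        # may itself be None; the return type says so


def contact_emails(names: Iterable[str]) -> list:
    # API rule: return an empty list, never None, so callers can iterate unconditionally.
    return [e for e in (contact_email(n) for n in names) if e is not None]


def notify(name: Optional[str]) -> str:
    # Validate at the boundary: a clear error here beats a crash three calls deeper.
    if name is None:
        raise ValueError("name must not be None")
    email = contact_email(name)
    if email is None:
        raise LookupError(f"no contact email for {name!r}")
    return f"sent to {email}"


def demo() -> dict:
    names = ["alice", "bob", "carol", "dave"]
    out = {"safe": [contact_email(n) for n in names], "batch": contact_emails(names)}
    try:
        contact_email_naive("carol")
        out["naive"] = "ok"
    except AttributeError:
        out["naive"] = "AttributeError"
    return out


if __name__ == "__main__":
    print(demo())
    print(notify("alice"))
```

Static analysis catches most of this when the contract is written down: a return type of Optional (or a @Nullable annotation in Java) lets the checker flag every dereference that skips the None test, while a function documented as never returning None for a collection frees its callers from defensive checks.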


The Whole List

1 – Overloaded system
2 – Text editors
3 – Accidental assignments
4 – Plaintext passwords
5 – SQLi
6 – Unstable builds
7 – Memory errors
8 – Unhandled exceptions
9 – Race conditions
10 – False positives
11 – Memory leaks
12 – Null pointers


Next

Coming in January

New Year’s resolutions for Software Development


Web http://www.parasoft.com/jsp/resources

Blog http://alm.parasoft.com

Social

Facebook: https://www.facebook.com/parasoftcorporation

Twitter: @Parasoft @MustRead4Dev

LinkedIn: http://www.linkedin.com/company/parasoft

Google+ Community: Static Analysis for Fun and Profit
