Video Topics: Testwell CTC++ Testwell CMT++/CMTJava CodeSentry CodeSonar Imagix 4D Codee Company Team Events SW-Testing ALL
YouTube Playlists (Link to YouTube)
Videos in other languages:
CodeSonar
Do We Really Even Need Static Analysis Anymore?
03:28 March 2020
As Mark Hermeling, Director of Product Marketing for GrammaTech explains, dynamic analysis code testing tools may identify errors like NULL pointer dereferences or buffer overflows days or weeks after the original author has finished writing the code. But with static analysis, you're able to find those code quality issues earlier in the development cycle, eliminating a lot of potential cost, headaches, and wasted time later on. ...
03:28 March 2020
As Mark Hermeling, Director of Product Marketing for GrammaTech explains, dynamic analysis code testing tools may identify errors like NULL pointer dereferences or buffer overflows days or weeks after the original author has finished writing the code. But with static analysis, you're able to find those code quality issues earlier in the development cycle, eliminating a lot of potential cost, headaches, and wasted time later on. ...
Embedded World 2018: GrammaTech with Innovations for CodeSonar
02:03 March 2018
GrammaTech CodeSonar is the leading tool for advanced static source code and binary analysis. GrammaTech is working on a groundbreaking technology that combines static and dynamic analysis techniques. A completely new plug-in for CodeSonar which detects state violations during host-based testing by analyzing memory usage will be available later this year. For developers, this means more efficiency, less security risks, and shorter time-to-market.
02:03 March 2018
GrammaTech CodeSonar is the leading tool for advanced static source code and binary analysis. GrammaTech is working on a groundbreaking technology that combines static and dynamic analysis techniques. A completely new plug-in for CodeSonar which detects state violations during host-based testing by analyzing memory usage will be available later this year. For developers, this means more efficiency, less security risks, and shorter time-to-market.
DevSecOps – Detecting 0-day and N-day vulnerabilities, everyday
27:40 May 2021
Walter Capitani explains in this presentation:
The software development industry is in the midst of a shift to integrating security into the software development process - this is often referred to as DevSecOps, the combination of Development, Security and Operations. A key part of the DevSecOps movement is to perform security testing as close to the developer as possible to find vulnerabilities earlier in the development cycle. A proven technique to find issues early is the integration of Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools into CI/CD pipelines. Integration of these tools will execute tests and detect new vulnerabilities automatically with every code change. Join this session to learn how the latest release of odeSonar and CodeSentry solutions work together to support DevSecOps and detect N-day vulnerabilities in your source code, binaries, and 3rd party software components.
27:40 May 2021
Walter Capitani explains in this presentation:
The software development industry is in the midst of a shift to integrating security into the software development process - this is often referred to as DevSecOps, the combination of Development, Security and Operations. A key part of the DevSecOps movement is to perform security testing as close to the developer as possible to find vulnerabilities earlier in the development cycle. A proven technique to find issues early is the integration of Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools into CI/CD pipelines. Integration of these tools will execute tests and detect new vulnerabilities automatically with every code change. Join this session to learn how the latest release of odeSonar and CodeSentry solutions work together to support DevSecOps and detect N-day vulnerabilities in your source code, binaries, and 3rd party software components.
Finding the Serious Bugs that Matter with Advanced Static Analysis
44:34 May 2021
Dr. Paul Anderson explains in this presentation:
Many teams use static analysis tools primarily to enforce coding standards like MISRA that are designed to make programming in highly risky languages such as C and C++ much less hazardous. However, because C and C++ are such dangerous languages, programs that seem perfectly compliant with these standards may still contain serious defects and security vulnerabilities due to the inadvertent introduction of undefined behavior. The primary purpose of advanced static analysis tools is to see past the superficial syntactic properties of programs and into their deep semantic meaning, and by doing so, find those bugs. This talk will describe how these tools work, and will show some concrete examples of real bugs that they found in production code, despite the code having gone through style checking, manual review, and testing. Finally, you will get a taste of how users can customize the tools to their own domain, thereby allowing users to greatly increase the value they receive from using them.
44:34 May 2021
Dr. Paul Anderson explains in this presentation:
Many teams use static analysis tools primarily to enforce coding standards like MISRA that are designed to make programming in highly risky languages such as C and C++ much less hazardous. However, because C and C++ are such dangerous languages, programs that seem perfectly compliant with these standards may still contain serious defects and security vulnerabilities due to the inadvertent introduction of undefined behavior. The primary purpose of advanced static analysis tools is to see past the superficial syntactic properties of programs and into their deep semantic meaning, and by doing so, find those bugs. This talk will describe how these tools work, and will show some concrete examples of real bugs that they found in production code, despite the code having gone through style checking, manual review, and testing. Finally, you will get a taste of how users can customize the tools to their own domain, thereby allowing users to greatly increase the value they receive from using them.
GrammaTech CodeSonar Quick Demo
04:01 August 2012
Brief demo of the static code analysis tool Grammatech CodeSonar®.
04:01 August 2012
Brief demo of the static code analysis tool Grammatech CodeSonar®.
Tools to Perform a Security Review on Unknown Code
43:29 May 2021
John Blattner, President Imagix Corp. and Walter Capitani, Director Technical Product Management, GrammaTech Inc. USA, explain in this presentation: Performing a deep security review on third party code is hard. You typically receive a bunch of source code, no design documents, very little comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started? Learn how tools can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix 4D comes in, it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
43:29 May 2021
John Blattner, President Imagix Corp. and Walter Capitani, Director Technical Product Management, GrammaTech Inc. USA, explain in this presentation: Performing a deep security review on third party code is hard. You typically receive a bunch of source code, no design documents, very little comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started? Learn how tools can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix 4D comes in, it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
Machine Learning for Finding Programming Defects and Anomalies
37:45 March 2019
6. Static Code Analysis Day 2019:
This talk will describe how machine learning techniques work and will show how they are able to find several previously unknown bugs in high-profile software systems. It will demonstrate how software developers can use these techniques to find defects that are otherwise very difficult to anticipate.
37:45 March 2019
6. Static Code Analysis Day 2019:
This talk will describe how machine learning techniques work and will show how they are able to find several previously unknown bugs in high-profile software systems. It will demonstrate how software developers can use these techniques to find defects that are otherwise very difficult to anticipate.
CodeSonar: DevSecOps for Source Code
07:15 May 2021
DevSecOps brings security testing into the software development cycle. Thus vulnerabilities are found (and fixed) earlier.
Uncertainty is reduced. This video shows, how development teams can profit from the Static Code Analysis Tool CodeSonar. Excerpt of a presentation at Static Anaylsis Day 2021 hosted by Verifysoft.
07:15 May 2021
DevSecOps brings security testing into the software development cycle. Thus vulnerabilities are found (and fixed) earlier.
Uncertainty is reduced. This video shows, how development teams can profit from the Static Code Analysis Tool CodeSonar. Excerpt of a presentation at Static Anaylsis Day 2021 hosted by Verifysoft.
Video Topics: Testwell CTC++ Testwell CMT++/CMTJava CodeSentry CodeSonar Imagix 4D Codee Company Team Events SW-Testing ALL