These library resources require an Ounce Labs ID. Log in or register.

Knowledge is Power:
Your software is trying to tell you something

Source code security is key to ensuring data integrity

Source code security is more important than ever as statistics indicate that between seventy to ninety-percent of all internet attacks target the application layer.  To counteract these attacks, new regulations like PCI DSS, which require knowing all the paths and endpoints of your data, are becoming the new security standards of due care.  Valid privacy statements and the ability to hold your outsourcers accountable for meeting security requirements are also critical in ensuring data integrity.  Source code analysis is the only consistent, reliable place to look for this knowledge.

In this paper you will learn more about how to identify and remedy potential threats to application security with source code analysis, including:

1. Data privacy controls like cryptography, persistent and temporary file storage, database access, logging and error handling
2. Authentication and authorization mechanisms including the various checks that will map authenticated users and actions against access control restrictions
3. Malicious code identification and elimination which can mitigate the damaging functionality before it is executed
4. Guidelines and policies for applications, which should be clear or offer proof that more vigilance is needed

These are only a few of the areas where the gap between intended and actual data security can be understood through source code analysis; but, by first creating, evaluating, and then enforcing security requirements within the application, it is possible to know that the application is secure enough.

« Back to Library