scholarly journals STATIC CODE ANALYSIS FOR SOFTWARE QUALITY IMPROVEMENT: A CASE STUDY IN BCI FRAMEWORK DEVELOPMENT

2010 ◽  
Vol 9 (2) ◽  
Author(s):  
Indar Sugiarto
Keyword(s):  
Quality Improvement ◽  
Software Quality ◽  
Code Analysis ◽  
Static Code Analysis ◽  
Framework Development

A Case Study on Testing for Software Security

2012 ◽  
pp. 89-112
Author(s):  
Natarajan Meghanathan ◽  
Alexander Roy Geoghegan
Keyword(s):  
Software Security ◽  
Denial Of Service ◽  
Source Code ◽  
Code Analysis ◽  
Software Vulnerabilities ◽  
Static Code Analysis ◽  
Software Program ◽  
Automated Tools ◽  
High Level

The high-level contribution of this book chapter is to illustrate how to conduct static code analysis of a software program and mitigate the vulnerabilities associated with the program. The automated tools used to test for software security are the Source Code Analyzer and Audit Workbench, developed by Fortify, Inc. The first two sections of the chapter are comprised of (i) An introduction to Static Code Analysis and its usefulness in testing for Software Security and (ii) An introduction to the Source Code Analyzer and the Audit Workbench tools and how to use them to conduct static code analysis. The authors then present a detailed case study of static code analysis conducted on a File Reader program (developed in Java) using these automated tools. The specific software vulnerabilities that are discovered, analyzed, and mitigated include: (i) Denial of Service, (ii) System Information Leak, (iii) Unreleased Resource (in the context of Streams), and (iv) Path Manipulation. The authors discuss the potential risk in having each of these vulnerabilities in a software program and provide the solutions (and the Java code) to mitigate these vulnerabilities. The proposed solutions for each of these four vulnerabilities are more generic and could be used to correct such vulnerabilities in software developed in any other programming language.

scholarly journals Automated Code-Smell Detection in Microservices Through Static Analysis: A Case Study

2020 ◽  
Vol 10 (21) ◽  
pp. 7800
Author(s):  
Andrew Walker ◽  
Dipta Das ◽  
Tomas Cerny
Keyword(s):  
Distributed Applications ◽  
Code Smells ◽  
Typical Application ◽  
Code Analysis ◽  
Enterprise Application ◽  
Static Code Analysis ◽  
Code Smell ◽  
Complex Architecture ◽  
Microservice Architecture

Microservice Architecture (MSA) is becoming the predominant direction of new cloud-based applications. There are many advantages to using microservices, but also downsides to using a more complex architecture than a typical monolithic enterprise application. Beyond the normal poor coding practices and code smells of a typical application, microservice-specific code smells are difficult to discover within a distributed application setup. There are many static code analysis tools for monolithic applications, but tools to offer code-smell detection for microservice-based applications are lacking. This paper proposes a new approach to detect code smells in distributed applications based on microservices. We develop an MSANose tool to detect up to eleven different microservice specific code smells and share it as open-source. We demonstrate our tool through a case study on two robust benchmark microservice applications and verify its accuracy. Our results show that it is possible to detect code smells within microservice applications using bytecode and/or source code analysis throughout the development process or even before its deployment to production.

Sign in / Sign up

Export Citation Format

Share Document