One of the most important steps in software assurance is establishing the processes that make the code support the security required to minimize potential breaches. Static analysis tools and techniques are an important part of this process. These tools are commonly used to examine code to assess its level of security and to identify areas where security is weak or missing.
Continue developing your software assurance guidelines document for your selected organization. The new content is a section called Security Static Analysis. In this section, you will focus on an application that your organization might produce. You will first create a design for the application, with code samples in C or C++ to illustrate the tenets of the security development model. You will also identify security static analysis tools and prepare guidelines on how they would be used on the sample code and throughout software development in the company.
Complete the Security Static Analysis section:
Prepare a design for an application your organization might produce.
Include appropriate diagrams to identify the major components of the application.
Describe the major components and potential security issues where appropriate and as related to the security development model.
Create code samples in C, C++, or Java to illustrate the tenets of the security development model.
Identify at least 3 security static analysis tools, and prepare guidelines for how they would be used on the sample code and throughout software development in the company.