Software development has always been an exercise in managing complexity because there appears to be no end to the problems to which we can apply automatic computation. It has progressed as a discipline as good minds have created abstractions that transform that complexity into simplicity.
For software to be reusable, it must be usable in a variety of contexts, and an important attribute of reusability at the code level is genericity. Learn more about defining for reuse and using generics.
Due to the increased emphasis on computer security, great advances have been made in static analyzer tools that can detect many code errors that often elude programmers, compilers, test suites, and visual reviews. Traditional tools such as "lint" detectors are plagued with high false positive rates. Gregory Pope discusses the steps his organization used to evaluate and select a static analyzer tool and pilot its implementation. He describes how they rolled out the tool to developers and how it is being used today. Greg shares the results they achieved on real code (C, C++, and Java) and the valuable code metrics they obtained as a byproduct of its use. Greg discusses the skills needed to use the tools, ways to interpret the results, and techniques they used for winning over developers.
The features of static code analyzers
Defects that can be found with these tools
Gregory Pope, William Oliver and Kimberly Ferrari, Lawrence Livermore National Laboratory
Despite the hype, test-driven development is not as easy as child's play. Successful implementation of TDD requires discipline and an understanding of the potential pitfalls. This article examines the "fine print" of TDD and explains how following some guidelines can help you make it a valuable addition to your development toy box.
Getting all of the necessary people together to define what "done" means in a software development project will be difficult. Facilitating such a task will probably be a challenge, but there is nothing like working in an organization that works like a well-oiled machine, where everyone knows what is expected of him or her and just naturally does it.
The Web has enabled pervasive global information sharing, commerce, and communications on a scale thought to be impossible only ten years ago. At the same time, the Web dealt a setback in the user interface experience of networked applications. Only now are Web standards and technologies emerging that can bring us back to the rich and robust user experiences that were developed in the desktop client/server era before the Web came along. Wayne Hom presents examples of great, rich client Web user interfaces and discusses the enabling tools, technologies, and methodologies for today’s popular Web 2.0 approaches. Wayne discusses the not-so-obvious pitfalls of the new technologies and concludes with a look at user interface opportunities beyond the current Web 2.0 state-of-the-art to see what may be possible in the future.
User experiences on the Web versus older technologies
There is no longer any question that-when appropriately used-quantitative measurement and management of software projects works. As with any tool, the phrase "appropriately used" tells the tale. Drawing on his experiences using quantitative and statistical measurement, Ed Weller provides insights into the key phrase "appropriate use." Ed offers cases of useful-and not so useful-attempts to use the "high maturity" concepts in the Capability Maturity Model Integration® (CMMI®) to illustrate how you can either achieve a high return on your investment in these methods or fail miserably. After an introduction to the theory of statistical measurement, Ed presents examples of the successful use of statistical measures and discusses the traps and pitfalls of their incorrect implementation.
Edward Weller, Integrated Productivity Solutions, LLC
Security threats are becoming increasingly more dangerous to consumers and to your organization. Paco Hope provides the latest on static analysis techniques for finding vulnerabilities and the tools you need for performing white-box secure code reviews. He provides guidance on selecting and using source code static analysis and navigation tools. Learn why secure code reviews are imperative and how to implement a secure code review process in terms of tasks, tools, and artifacts. In addition to describing the steps in the static analysis process, Paco explains methods for examining threat boundaries, error handling, and other "hot spots" in software. Find out about the analysis techniques of Attack Resistance Analysis, Ambiguity Analysis, and Underlying Framework Analysis as ways to expose risk and prioritize remediation of insecure code.
Why secure code reviews are the right approach for finding security defects
One of the features that makes Eclipse so popular within the Java community is the abundance of easy to use plug-ins. Many of these are freely available open-source tools. Plug-ins are available for virtually anything from implementing database connectivity to instant messaging. Because code quality is a critical aspect of production software applications, Eclipse has built-in tools that help developers write and deliver high quality code. Levent Gurses has employed a number of external plug-ins, including PMD, CheckStyle, JDepend, FindBugs, Cobertura, CPD, Metrics, and others to transform Eclipse into a powerhouse for writing, testing, and releasing high quality Java code. Levent shows you how to use Eclipse to improve your team's coding habits, enforce organizational standards, and zap bugs before they reach the client.
The standard quality check tools available in Eclipse
Approximately three-fourths of today's successful system security breaches are perpetrated not through network or operating system security flaws but through customer-facing Web applications. How can you ensure that your organization is protected from holes that let hackers invade your systems? Only by thoroughly testing your Web applications for security defects and vulnerabilities. Michael Sutton describes the three basic security testing approaches available to testers-source code analysis, manual penetration testing, and automated penetration testing. Michael explains the key differences in these methods, the types of defects and vulnerabilities that each detects, and the advantages and disadvantages of each method. Learn how to get started in security testing and how to choose the best strategy for
Basic security vulnerabilities in Web applications