Building secure software using fuzzing and static code analysis

The increased complexity of new technologies and faster software release cycles are making traditional reactive security solutions ineffective. Instead, more adaptable, preemptive product security testing is needed. Moreover, for example, due to agile development and outsourcing, the software development process itself is also becoming more complicated further increasing the need for more effective product security practices.

The Building Security In Maturity Model (BSIMM) and Microsoft’s Security Development Lifecycle (SDL) concept combine preemptive security testing with the SDLC models. Fuzzing and static code analysis are both a natural part of these secure development best practices, because they promote building security into systems proactively, instead protecting vulnerable systems and reacting to security issues.

This whitepaper describes how fuzzing and static code analysis can be used as complementary methods to ensure the security and robustness of your software.

Download the paper in PDF format here.