GARY WILLS: This week we're going to look at how we can use tools to find vulnerabilities in our code. A technique we'll use this week is static analysis. It allows us to find the vulnerabilities that we have in our code against a known list of common mistakes. The tool we'll use this week is an HP tool called Fortify. Fortify is a well-established tool within the industry. To help you do this, we will give you some instructions on how to install and use the tool. We will also give you some code with known vulnerabilities to help you get used to the features in the tool when you are looking for vulnerabilities in your code.
Welcome to week 2
In this short video, Dr Gary Wills introduces you to the topics that we will be covering with you this week.
This week we will be giving you step-by-step instructions on how to set up the development environment and install and use Hewlett Packard Enterprise’s Fortify Static Code Analyzer (SCA) tool. We strongly recommend that you use a virtual machine to build a sandbox so you can test and play around with the tools without any harm to your production environment.
Note: it will take some time to set up the development environment as the file sizes are quite large.
By the end of this week you will be able to:
describe the purpose and benefits for using tools in code development
run code through a specific static analysis tool
implement an input validation security control
© University of Southampton 2017