  • How to extend ISC DHCP to serve over 14.1 million IPs

    There are very few scenarios that would require a DHCP server to offer over 14.1 million IPs, but if you happen to encounter one, you may find that your ISC DHCP server immediately segfaults at startup or reports a vague error message and fails to start. Let’s assume that you need to serve a full /8 CIDR block (16.7 million IPs) from your DHCP server.

  • Python coding tips #2: string formatting

    This tip covers a newer way of doing string formatting. If we want to print a simple message like "Error: Test case 'test_string_formatting' has failed", where test_string_formatting is a value taken from a variable test_case_name, we have a couple of options:

  • Python Coding Tips #1: with statements

    A cool feature that is a bit underused in the Python application base is the with statement.

    The official documentation for it can be found here; it reads:

    "The with statement is used to wrap the execution of a block with methods defined by a context manager (see section With Statement Context Managers). This allows common try...except...finally usage patterns to be encapsulated for convenient reuse."

  • Analyze 3rd-party code, but exclude it from results

    No one disputes that third-party code saves developer time and effort, but recent product recalls in the automotive sector and security attacks have underscored the need to subject code libraries to source code analysis. The more a system depends on third-party libraries, the more exposure to risk

  • Klocwork 10.1: Improved support for C#

    You asked for it and we delivered.

    For Klocwork 10.1, we've improved our C# language support, tailored our desktop analysis tools for your C# codebase, and given you the tools you need to analyze your most complex projects.

  • Reacting to Shellshock

    The code security industry is reeling from news that a flaw in the widely used GNU Bash shell, dubbed Shellshock, could enable attackers to break into vulnerable systems around the world. There have already been reports of exploits seen in the wild, and industry experts are trying both to combat the problem and to quantify its impact. It already has four entries in the US National Vulnerability Database, covering similar flaws found after the original one, CVE-2014-6271.

  • OWASP Top Ten: What you need to know Part 3

    The OWASP Top 10 is a list of common and exploitable security vulnerabilities in code that’s derived from over five hundred thousand issues being researched today. Knowing this list and how to protect your code helps minimize risk for both yourself and your users. Previously, we looked at how Klocwork handles several items on the list and today, we’ll look at the final two.

  • OWASP Top Ten: What you need to know Part 2

    The OWASP Top 10 is a list of common and exploitable security vulnerabilities in code that’s derived from over five hundred thousand issues being researched today. Knowing this list and how to protect your code helps minimize risk for both yourself and your users. Last week, we looked at how Klocwork handles three items and today, we’ll examine two more.

  • OWASP Top Ten: What you need to know

    If you’re concerned about application security and what it means for code, then you’ve probably heard of the Open Web Application Security Project (OWASP). This organization is an international not-for-profit foundation dedicated to improving software security through education. Developers use the OWASP Top 10 list of common and exploitable security vulnerabilities to protect their applications and users. The list is based on over five hundred thousand vulnerabilities and is referenced by many standards, books, and organizations including NIST, DISA and the World Wide Web Consortium (W3C).

    Let’s examine three vulnerabilities on OWASP’s 2013 list to see how Klocwork’s static analysis helps find them for you.

  • Static analysis as you code in Visual Studio

    On-the-fly analysis gives static analysis the same usability model that modern spell-checkers have offered since Office 95 adopted what had previously been a Lotus-only capability: checking your words as you type them.