NOTE Preconditions are a set of one or more conditions that must be true
upon entry into a particular portion of a program. Typical preconditions might
include the fact that a pointer must not be NULL, or that an integer value
must be greater than zero. Postconditions are a set of conditions that must hold
upon exit from a particular section of a program. These often include statements regarding
expected return values and the conditions under which each value might occur.
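The note's conditions written out for one function, as an added example that is not from the original text; the name `bounded_copy` and its error codes are hypothetical. The contract comment states each precondition and postcondition, and the entry check enforces the ones that can be tested at run time.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical return codes for this example. */
#define COPY_ERR_PRECONDITION (-1L) /* a precondition was violated */
#define COPY_ERR_TRUNCATED    (-2L) /* src did not fit in dst */

/*
 * bounded_copy (hypothetical name)
 *
 * Preconditions (must be true on entry):
 *   - dst != NULL and src != NULL
 *   - dst_size > 0 (room for at least the terminating NUL)
 *   - src is NUL-terminated (cannot be checked here; caller's duty)
 *
 * Postconditions (hold on exit), one per return value:
 *   - COPY_ERR_PRECONDITION: dst was not written
 *   - COPY_ERR_TRUNCATED: dst holds the first dst_size - 1 bytes
 *     of src and is NUL-terminated
 *   - n >= 0: dst holds all of src, n == strlen(src), n < dst_size
 */
long bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n;

    /* Enforce the checkable preconditions before touching memory. */
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_ERR_PRECONDITION;

    n = strlen(src);
    if (n >= dst_size) {
        /* Never write past dst_size; keep dst NUL-terminated. */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return COPY_ERR_TRUNCATED;
    }

    memcpy(dst, src, n + 1); /* n + 1 copies the terminating NUL too */
    return (long)n;
}
```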
One of the drawbacks to using PREfast is that it may require substantial effort to use
with projects that have been created on Unix-based platforms, effectively eliminating it
as a scanning tool for such projects.
The Utility of Source Code Auditing Tools
It is clear that source code auditing tools can focus developers' eyes on problem areas in
their code, but how useful are they for an ethical hacker? The same output is available to
both the white hat and the black hat hacker, so how is each likely to use the information?
The White Hat Point of View
The goal of a white hat reviewing the output of a source code auditing tool should be to
make the software more secure. If we trust that these tools accurately point to problem
code, it will be in the white hat's best interest to spend her time correcting the problems
noted by these tools.