196 Core Software Security
2. Chmielewski, M., Clift, N., Fonrobert, S., and Ostwald, T. (2007, November).
“MSDN Magazine: Find and Fix Vulnerabilities Before Your Application Ships.”
Available at http://msdn.microsoft.com/en-us/magazine/cc163312.aspx.
3. Microsoft Corporation (2012). How To: Perform a Security Code Review for
Managed Code (.NET Framework 2.0). Available at http://msdn.microsoft.com/
en-us/library/ff649315.aspx.
4. Ibid.
5. Jackson, W. (2009, February). GCN—Technology, Tools and Tactics for Public
Sector IT: “Static vs. Dynamic Code Analysis: Advantages and Disadvantages.”
Available at http://gcn.com/Articles/2009/02/09/Static-vs-dynamic-code-analysis.
aspx?p=1.
6. Cornell, D. (2008, January). OWASP San Antonio Presentation:
“Static Analysis Techniques for Testing Application Security.”
Available at http://www.denimgroup.com/media/pdfs/DenimGroup_
StaticAnalysisTechniquesForTestingApplicationSecurity_OWASPSan
Antonio_20080131.pdf.
7. Jackson, W. (2009, February). GCN—Technology, Tools and Tactics for Public
Sector IT: “Static vs. Dynamic Code Analysis: Advantages and Disadvantages.”
Available at http://gcn.com/Articles/2009/02/09/Static-vs-dynamic-code-analysis.
aspx?p=1.
8. Cornell, D. (2008, January). OWASP San Antonio Presentation:
“Static Analysis Techniques for Testing Application Security.”
Available at http://www.denimgroup.com/media/pdfs/DenimGroup_
StaticAnalysisTechniquesForTestingApplicationSecurity_OWASPSan
Antonio_20080131.pdf.
9. Jackson, W. (2009, February). GCN—Technology, Tools and Tactics for Public
Sector IT: “Static vs. Dynamic Code Analysis: Advantages and Disadvantages.”
Available at http://gcn.com/Articles/2009/02/09/Static-vs-dynamic-code-analysis.
aspx?p=1.
10. Cornell, D. (2008, January). OWASP San Antonio Presentation:
“Static Analysis Techniques for Testing Application Security.”
Available at http://www.denimgroup.com/media/pdfs/DenimGroup_
StaticAnalysisTechniquesForTestingApplicationSecurity_OWASPSan
Antonio_20080131.pdf.
11. Jackson, W. (2009, February). GCN—Technology, Tools and Tactics for Public
Sector IT: “Static vs. Dynamic Code Analysis: Advantages and Disadvantages.”
Available at http://gcn.com/Articles/2009/02/09/Static-vs-dynamic-code-analysis.
aspx?p=1.
12. Cornell, D. (2008, January). OWASP San Antonio Presentation:
“Static Analysis Techniques for Testing Application Security.”
Available at http://www.denimgroup.com/media/pdfs/DenimGroup_
StaticAnalysisTechniquesForTestingApplicationSecurity_OWASPSan
Antonio_20080131.pdf.
13. The Open Web Application Security Project (OWASP) (2012). “Fuzzing.”
Available at https://www.owasp.org/index.php/Fuzzing.