What is Security Code Review?
Security code review is the process of auditing the source code of an application to verify that the proper security controls are present, that they work as intended, and that they are invoked in all the right places. It is a way of ensuring that the application has been developed to be "self-defending" in its given environment, and a method of assuring that application developers are following secure development techniques. A general rule of thumb is that a penetration test should not discover any additional vulnerabilities in the developed code after the application has undergone a proper security code review. All security code reviews are a combination of human effort and technology support. At one end of the spectrum is an inexperienced person with a text editor; at the other end is a security expert with an advanced static analysis tool. Unfortunately, it takes a fairly serious level of expertise to use
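As an added illustration of the "invoked in all the right places" part of a review (example code written for this page, not taken from the original article or any project it describes): a small helper that uses Python's `ast` module to list route handlers in a constructed, hypothetical Flask-style module that never apply a `login_required` decorator. The sample module text, the decorator name and the list of intentionally public paths are all assumptions for the example. It only automates the "is the control invoked here?" question; whether `login_required` actually works as intended is still the human reviewer's job.

```python
import ast

# Constructed sample input (hypothetical app under review, not real project code).
# Two handlers are routes; one of them applies the auth control, one does not,
# and a third route is deliberately public.
SAMPLE_SOURCE = '''
from flask import Flask
app = Flask(__name__)

def login_required(f):
    return f

@app.route("/profile")
@login_required
def profile():
    return "profile"

@app.route("/admin/users", methods=["POST"])
def delete_user():
    return "deleted"

@app.route("/health")
def health():
    return "ok"
'''

# Assumed names: the control being checked and the paths a reviewer has
# explicitly accepted as unauthenticated.
CONTROL_NAME = "login_required"
PUBLIC_ROUTES = frozenset({"/health"})


def _decorator_name(node):
    """Return the dotted name of a decorator expression, e.g. 'app.route'
    for `@app.route(...)` or 'login_required' for `@login_required`."""
    target = node.func if isinstance(node, ast.Call) else node
    parts = []
    while isinstance(target, ast.Attribute):
        parts.append(target.attr)
        target = target.value
    if isinstance(target, ast.Name):
        parts.append(target.id)
    return ".".join(reversed(parts))


def _route_path(decorator):
    """Return the first positional string argument of a route decorator, if any."""
    if isinstance(decorator, ast.Call) and decorator.args:
        first = decorator.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            return first.value
    return None


def find_unprotected_routes(source, control=CONTROL_NAME, public=frozenset()):
    """Return (function_name, path) for every route handler in `source` that
    does not apply the `control` decorator, skipping paths listed in `public`.

    Handlers are recognised by a decorator whose name ends in '.route'; the
    control is recognised by its bare name, so both `@login_required` and
    `@auth.login_required` count as present."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        path = None
        protected = False
        for dec in node.decorator_list:
            name = _decorator_name(dec)
            if name.endswith(".route"):
                path = _route_path(dec)
            elif name.split(".")[-1] == control:
                protected = True
        if path is None or protected or path in public:
            continue
        findings.append((node.name, path))
    return findings


if __name__ == "__main__":
    for func, path in find_unprotected_routes(SAMPLE_SOURCE, public=PUBLIC_ROUTES):
        print(f"route {path!r} handled by {func}() does not apply {CONTROL_NAME}")
```

Run against the constructed sample it reports only `delete_user` for `/admin/users`; dropping the `public` list makes `/health` show up too, which is the point of keeping that list under review rather than hard-coding exceptions in the checker. Presence of the decorator says nothing about correctness, so a finding of "no missing control" still leaves the reviewer to read `login_required` itself.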