Secure Code Review is a measure that helps you reveal flaws in your applications before they go live. Secure source code review assesses the security of an application by examining its source code, and it evaluates the people, the processes, and the technologies behind each application. After completing this course from Koenig, students will be able to identify the root cause of flaws and build cost-effective recommendations for remediation.

Source code analysis (SCA) not only identifies which statement on which line of code is vulnerable, but also identifies the tainted variable that introduces the vulnerability. In this way it illustrates the propagation from root cause to end result.
Testing for security vulnerabilities is complicated by the fact that they often exist in hard-to-reach states or crop up in unusual circumstances. Static analysis tools can peer into more of a program's dark corners with less fuss than dynamic analysis, which requires actually running the code.
Static analysis also has the potential to be applied before a program reaches a level of completion at which testing can be meaningfully performed. The earlier security risks are identified and managed in the software lifecycle, the better. This course covers the static analysis methods, techniques, and tools for white-box secure code review.
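To make the "tainted variable, root cause to end result" idea concrete, here is a small added example (not course material or a tool from the course): a flow-insensitive taint tracer over Python's `ast` module. The sample program, the source list (`input`) and the sink list (`os.system`) are constructed for illustration.

```python
import ast

# Constructed sample (not from the course page): untrusted input flows through
# two assignments into a shell-command sink.
SAMPLE = """\
import os
def handler():
    name = input()
    greeting = "Hello " + name
    cmd = "echo " + greeting
    os.system(cmd)
"""

SOURCES = {"input"}      # assumed: calls returning attacker-controlled data
SINKS = {"os.system"}    # assumed: calls whose arguments must be trusted


def callee(call):
    """Dotted name of a Call's callee ("input", "os.system"), or None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def names_in(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def trace_taint(src):
    """Return one [(line, name), ...] chain per sink reached, running from the
    source assignment (root cause) through each propagating assignment to the sink."""
    stmts = sorted((n for n in ast.walk(ast.parse(src)) if isinstance(n, ast.stmt)),
                   key=lambda n: n.lineno)
    tainted = {}   # variable -> chain of (line, variable) that tainted it
    findings = []
    for st in stmts:
        if isinstance(st, ast.Assign) and isinstance(st.targets[0], ast.Name):
            target = st.targets[0].id
            calls = {callee(c) for c in ast.walk(st.value) if isinstance(c, ast.Call)}
            if calls & SOURCES:                       # root cause: tainted source
                tainted[target] = [(st.lineno, target)]
            else:                                     # propagation via assignment
                for var in names_in(st.value) & set(tainted):
                    tainted[target] = tainted[var] + [(st.lineno, target)]
        elif isinstance(st, ast.Expr) and isinstance(st.value, ast.Call) \
                and callee(st.value) in SINKS:        # end result: tainted sink
            for var in names_in(st.value) & set(tainted):
                findings.append(tainted[var] + [(st.lineno, callee(st.value))])
    return findings


if __name__ == "__main__":
    for chain in trace_taint(SAMPLE):
        print(" -> ".join(f"L{ln}:{name}" for ln, name in chain))
```

Each reported chain names the vulnerable sink line together with the variable and line where the taint entered, which is exactly the root-cause information a reviewer needs to pick the remediation point; real tools add control-flow sensitivity and sanitizer awareness on top of this.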
By the end of the course, you should be able to meet the following objectives:
- Recognize the need for a static analysis tool
- Know how to integrate white box testing into your SDLC
- Be able to perform secure code review with a static analysis tool
- Identify the type of vulnerabilities you can scan for with a static analysis tool
- Choose a static analysis tool for analysis capabilities, vulnerability taxonomy and your specific needs
- Analyse and prioritize critical vulnerability findings in your software