Source Code Review and Analysis

Course Description

Secure Code Review is a measure that helps you reveal flaws in your applications before they go live. A secure source code review assesses the security of an application by examining its source code, evaluating the people, the processes, and the technologies behind each application. After completing this course from Koenig, students will be able to identify the root cause of flaws and build cost-effective recommendations for remediation. Source code analysis (SCA) not only identifies which statement on which line of code is vulnerable, but also identifies the tainted variable that introduces the vulnerability. In this way it illustrates the propagation from root cause to end result.
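The source-to-sink propagation described above, as an added example that is not part of the course material: a minimal forward taint analysis over straight-line Python, using a constructed sample program in which untrusted input reaches a command-execution sink. The source and sink lists, the sample, and the function names are assumptions for illustration.

```python
import ast

# Constructed sample program: line numbers start at 2 because of the leading newline.
SAMPLE = """
import os
user = input()
cmd = "ls " + user
safe = "ls /tmp"
os.system(cmd)
os.system(safe)
"""

SOURCES = {"input"}      # calls whose result is attacker-controlled (assumed list)
SINKS = {"os.system"}    # calls where tainted data is dangerous (assumed list)

def call_name(call):
    """Dotted name of a call target, e.g. 'input' or 'os.system'."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None

def names_in(node):
    """All variable names referenced anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def taint_trace(src):
    """Forward taint propagation over top-level straight-line statements.
    No control flow or sanitizer handling: a tainted name stays tainted.
    Returns [(sink, sink_line, [(var, line), ...])], the chain being the
    root-cause-to-end-result path the text describes."""
    tainted = {}       # var -> chain of (var, line) back to the source
    findings = []
    for stmt in ast.parse(src).body:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            target, value = stmt.targets[0].id, stmt.value
            if isinstance(value, ast.Call) and call_name(value) in SOURCES:
                tainted[target] = [(target, stmt.lineno)]   # root cause
            else:
                for var in names_in(value) & tainted.keys():
                    tainted[target] = tainted[var] + [(target, stmt.lineno)]
                    break
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            if call_name(call) in SINKS:
                for var in names_in(call) & tainted.keys():
                    findings.append((call_name(call), stmt.lineno, tainted[var]))
    return findings
```

Running `taint_trace(SAMPLE)` reports only the `os.system(cmd)` call, with the chain `user` (line 3) to `cmd` (line 4), while the constant-argument call on line 7 is correctly left out.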

Testing for security vulnerabilities is complicated by the fact that they often exist in hard-to-reach states or crop up in unusual circumstances. Static analysis tools can peer into more of a program's dark corners with less fuss than dynamic analysis, which requires actually running the code.

Static analysis also has the potential to be applied before a program reaches a level of completion at which testing can be meaningfully performed. The earlier security risks are identified and managed in the software lifecycle, the better. This course covers the static analysis methods, techniques, and tools for white-box secure code review.

By the end of the course, you should be able to meet the following objectives:

  • Recognize the need for a static analysis tool
  • Know how to integrate white box testing into your SDLC
  • Be able to perform secure code review with a static analysis tool
  • Identify the type of vulnerabilities you can scan for with a static analysis tool
  • Choose a static analysis tool for analysis capabilities, vulnerability taxonomy and your specific needs
  • Analyse and prioritize critical vulnerability findings in your software

Prerequisites

Prior to enrolling, candidates must have basic knowledge of software testing processes, software development experience with one or more programming languages, and knowledge of the OWASP Top 10 vulnerabilities.

Target Audience

This course is intended for all software development staff directly responsible for testing and evaluating software, including developers performing unit testing and QA and test personnel performing integration and system testing.

Course Duration

  • 40 Hours

Modules Covered

  Secure Code Review
  • Audit Source Code .NET
  • Audit Source Code Java
  • Audit Source Code PHP

  Source Code Analysis (SCA)
  • The Software Security Problem
  • White-Box Testing and the SDLC
  • Different Types of Code Analysis
  • Manual Source Code Analysis
  • Source Code Analysis (Tool Driven)
  • Implementation of SCA Tools
  • Limits & Strengths of SCA Tools
  • Creating & Managing Scans
  • Scan List & Results