ENG 312: How to Perform a Security Code Review
Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools, only secure coding knowledge. They can, however, become laborious if every line of source code is reviewed.
By the end of this course, participants will be able to:
- Organize code reviews and prioritize code segments to be reviewed
- Learn the methodology for performing a code review
- Understand best practices for reviewing source code and maximize resources
This course can be customized for Instructor-Led training. Course contents and duration may vary. Contact us for details.