ENG 312 - How to Perform a Security Code Review Course (Updated)
Course Details
Course Number: ENG 312
Course Duration: 30 minutes
Course CPE Credits: .6
NICE Specialty Areas
Related Learning Paths
- Developer
- IoT & Embedded Developer
- Core Developer
- C# Developer
- C++ Developer
- C Developer
- Back-End Developer
- .NET Developer
- Cloud Developer
- Web Developer
- HTML5 Developer
- iOS Developer
- Android Developer
- Java Developer
- Microsoft SDL Developer
- Mobile Developer
- Node.js Developer
- PCI Developer
- PHP Developer
- Python Developer
- Ruby on Rails Developer
- Swift Developer
- Front-End Developer
- JavaScript Developer
- Engineer
- DevOps Practitioner
- Q/A Test Engineer
- Embedded Test Engineer
- Architect
- Embedded Architect
- Software Architect
- Admin
- Database Administrator
- Other
- Information Security Specialist
- Application Security Champion
Related Subject Matter
Foreign Languages Available:
- Chinese (S)
- English
- French (CF)
- Spanish (LA)
Course Overview
Application developers have a variety of tools at their disposal to identify flaws in their software. However, many of them cannot be used until late in the development lifecycle: dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. In contrast, manual code reviews can begin at any time leveraging secure coding knowledge. Because manual security code reviews can be laborious if done inefficiently, this course focuses on time saving but effective techniques.
Topics include:
- How to organize and approach code reviews
- Prioritizing code segments to be reviewed
- Maximizing security resources