ENG 312 - How to Perform a Security Code Review
Application developers have a variety of tools at their disposal to identify flaws in their software. However, many of them cannot be used until late in the development lifecycle: dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. In contrast, manual code reviews can begin at any time leveraging secure coding knowledge. Because manual security code reviews can be laborious if done inefficiently, this course focuses on time saving but effective techniques.
- How to organize and approach code reviews
- Prioritizing code segments to be reviewed
- Maximizing security resources