From the course: Static Application Security Testing
Code review metrics - SonarQube Tutorial
Code review metrics
- [Narrator] I mentioned earlier in this course that you can't effectively manage your application security efforts without the right measurements. This is where metrics come into play. In order to determine the right metrics for your program, you need to start by identifying your audience. Executives are expected to make strategic decisions about their area of the business and to ensure that the business is both healthy and growing under their leadership. If you're sharing application security testing minutia with your execs, then I hate to break it to you, but you might be doing it wrong. Executives want to know if the value from your application security testing activities exceeds the cost of that activity. If you're getting your money's worth, great. If not, then you need to reconsider your approach. Metrics around cost and value will really resonate with executives. Execs also want to know if you need them to make…
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)