From the course: Static Application Security Testing
Code review models - SonarQube Tutorial
Code review models
- [Instructor] Regardless of whether the secure reviews of your source code are manual or fully automated, you should begin by selecting a model that's right for your organization. You could begin with an over-the-shoulder approach, for example. Literally, have a security tester look over the developer's shoulder as that developer provides a casual explanation of what the code does. As your testing program matures, you can move to a pass-around model, one where multiple people take a look at that code and provide their recommendations on changes that could improve the application's eventual security posture. If you're ready for formal, measurable testing, then a walkthrough model might be more to your liking. Have a team gather together, walk through the code as a group, and define specific changes that need to be made before that code can move forward. Full automation is really the pinnacle of this testing process…
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)