From the course: Static Application Security Testing
OWASP Code Review Guide - SonarQube Tutorial
OWASP Code Review Guide
- [Instructor] If you are looking for a step-by-step guide to performing a source code security review, then the OWASP Code Review Guide is the first resource you should check out. This guide begins with considerable information on what a code security review is, how to scope it, how to couple these reviews with penetration testing, and a methodology for integrating these reviews into your SDLC. OWASP built this guide to align with the top 10 web application security risks. For each item in the top 10, the code review guide includes specific code snippets that demonstrate how those flaws might actually appear in source code. More importantly, the guide shows you what to review and how to validate that the code is resistant to certain attacks. The guide also includes detailed references for further reading, using resources that are both internal to OWASP and resources hosted on external sites like mitre.org,…
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)