From the course: Static Application Security Testing
Static code analysis - SonarQube Tutorial
Static code analysis
- [Narrator] I've said it before and I'm going to keep saying it. When it comes to application security testing, especially static code analysis, automation is where it's at. The only way you're going to achieve the coverage you need to secure your source code is by adding automated scanners to the mix. But there are a lot, and I mean a lot, of code security scanners to pick from. How do you know which scanner to use? The best place to start is with the programming language that you'll be assessing. Oh, sorry, did I say language? I meant languages. During the documentation review, you should have uncovered the languages that the development team or teams are using. This information is essential when it comes to selecting the tool or tools that you'll use to perform automated static source code security testing. Take these three tools, for example. If you've ever tested Python apps for security flaws, then you may…
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)