One of the key aspects of secured application development practice is Security code review. Security code review, as like normal code review, could be done either in automated fashion using one or more tools, or in manual fashion where one or more developers are involved in doing code review. Unlike application normal code review where one needs the knowledge of business functionality and programming language & related technologies’ knowledge, Security code review requires knowledge on different aspects of security including some of the following:
To be able to do effective security code review, one may be required to adopt top-down approach where he/she may be required to know the details of use-case and drill down further. Perform some of the following activities while doing security code review:
This kind of decomposition belongs to threat modeling based on data flow diagrams (DFD).
Thus, honestly speaking, this would require a minimum level of application security training for the developers to be able to perform effective security code review.
Watch out this space for more.
Large language models (LLMs) have fundamentally transformed our digital landscape, powering everything from chatbots and…
As Large Language Models (LLMs) evolve into autonomous agents, understanding agentic workflow design patterns has…
In today's data-driven business landscape, organizations are constantly seeking ways to harness the power of…
In this blog, you would get to know the essential mathematical topics you need to…
This blog represents a list of questions you can ask when thinking like a product…
AI agents are autonomous systems combining three core components: a reasoning engine (powered by LLM),…