One of the key aspects of secure application development practice is security code review. Like normal code review, security code review can be done either in an automated fashion, using one or more tools, or manually, with one or more developers doing the review. Unlike normal application code review, which requires knowledge of the business functionality and of the programming language and related technologies, security code review requires knowledge of different aspects of security, including some of the following:
To do an effective security code review, one may need to adopt a top-down approach: know the details of the use case first, then drill down further. Perform some of the following activities while doing security code review:
This kind of decomposition belongs to threat modeling based on data flow diagrams (DFD).
Thus, honestly speaking, developers would need a minimum level of application security training to be able to perform effective security code review.
Watch this space for more.