Industries: Source Code Review (Malaysia)
It is quite remarkable that industries in Malaysia are involved in current cyber security requirements by providing services such as code review and penetration testing. Some of them have been involved since 2016 by supporting multinational companies.
LGMS @ Asia Cybersecurity Exchange
Teleawan Sdn Bhd
Most of the industries globally use OWASP Code Review Methodology.
You may easily find the current version of OWASP CODE REVIEW GUIDE 2.0 from https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf
The contents are:
How to use the guide
Secure Code Review
Reviewing by Framework
OWASP Top Ten A1 – A10 [refer below]
OWASP Top 10 Web Application Security Risks
Globally recognized by developers as the first step towards more secure coding. – OWASP
Source Code Analysis Tools
Also known as Static Application Security Testing (SAST) tools. Other information:
- Important Selection Criteria (of tools)
- Open Source & Commercial Tools available
For details, go to: https://owasp.org/www-community/Source_Code_Analysis_Tools
Source Code Review vs. Penetration Testing for Web Application Security, by Uladzislau Murashka, Penetration Testing Consultant, ScienceSoft.
“The article gives a clear view of the importance of comprehensive security testing. For web applications involving sensitive data (Healthcare, Banking, Insurance web applications) it’s a perennial must. While pentesting explores vulnerable application areas, which may let the hackers in, code review helps detect internal problems and inconsistencies. Though these problems are not visible to outside hackers, they may be at the root of application vulnerability.” Elizabeth Barkaline (2017)
Go to: https://www.scnsoft.com/blog/web-applications-security-source-code-review-vs-penetration-testing (accessed on April 28, 2020)
What you should know before you pick Secure Code Review services
An interesting article to learn more about Secure Code Review services; it covers the following:
4 processes in SSDLC’s Coding (or Development) Phase
4 types of Code Reviews
Tools and checklist for Code Review
Practices for organization’s secure code
Top 10 Most Popular Code Review Tools For Developers And Testers
Top 40 Static Code Analysis Tools (Best Source Code Analysis Tools)
As a computer security student and software developer, I hope that we share the same excitement for the code review methodology and technology.
Your task for submission:
A one-page report that summarizes the Code Review content here that you learned and understood.
Please include feedback on: 1) what you knew before learning; 2) what you know after learning; and 3) how it will help you in your future job.
Submit to e-learning by Monday May 4, 4:03pm.