{"id":1389,"date":"2020-04-29T15:23:35","date_gmt":"2020-04-29T07:23:35","guid":{"rendered":"https:\/\/people.utm.my\/rashidah\/?p=1389"},"modified":"2020-04-29T15:23:35","modified_gmt":"2020-04-29T07:23:35","slug":"software-security-code-review","status":"publish","type":"post","link":"https:\/\/people.utm.my\/rashidah\/2020\/04\/29\/software-security-code-review\/","title":{"rendered":"Software Security: Code Review"},"content":{"rendered":"<h4><strong>CODE REVIEW<\/strong><\/h4>\n<p>&nbsp;<\/p>\n<h5><strong>Industries: Source Code Review (Malaysia)<\/strong><\/h5>\n<h5>It is remarkable that industries in Malaysia are involved in meeting current cyber security requirements by providing services such as code review and penetration testing. Some of them have been involved since 2016, supporting multinational companies.<\/h5>\n<p>&nbsp;<\/p>\n<h5>They are:<\/h5>\n<h5><\/h5>\n<h5><span style=\"color: #000000\"><strong>LGMS @ Asia Cybersecurity Exchange\u00a0<\/strong><\/span><\/h5>\n<h5>Go to: <a href=\"https:\/\/lgms.global\/source-code-review\/\">https:\/\/lgms.global\/source-code-review\/<\/a><\/h5>\n<h5><\/h5>\n<h5><span style=\"color: #000000\"><strong>Teleawan Sdn Bhd<\/strong><\/span><\/h5>\n<h5>Go to: <a href=\"https:\/\/www.teleawan.com\/source-code-review\">https:\/\/www.teleawan.com\/source-code-review<\/a><\/h5>\n<h5><\/h5>\n<h5><span style=\"color: #000000\"><strong>FIRMUS<\/strong><\/span><\/h5>\n<h5>Go to: <a href=\"https:\/\/firmussec.com\/source-code-review\/\">https:\/\/firmussec.com\/source-code-review\/<\/a><\/h5>\n<p>&nbsp;<\/p>\n<h5><\/h5>\n<blockquote>\n<h5><span style=\"color: #000000\"><strong>Most industries globally use the OWASP Code Review Methodology.<\/strong><\/span><\/h5>\n<\/blockquote>\n<h5>You may easily find the current version of <strong>OWASP CODE REVIEW GUIDE 2.0<\/strong> from <a 
href=\"https:\/\/owasp.org\/www-pdf-archive\/OWASP_Code_Review_Guide_v2.pdf\">https:\/\/owasp.org\/www-pdf-archive\/OWASP_Code_Review_Guide_v2.pdf<\/a><\/h5>\n<h5>The contents are:<\/h5>\n<ul>\n<li>\n<h5>How to use the guide<\/h5>\n<\/li>\n<li>\n<h5>Secure Code Review<\/h5>\n<\/li>\n<li>\n<h5>Methodology<\/h5>\n<\/li>\n<li>\n<h5>Reviewing by Framework<\/h5>\n<\/li>\n<li>\n<h5>OWASP Top Ten A1 \u2013 A10 [refer below]<\/h5>\n<\/li>\n<\/ul>\n<h5><\/h5>\n<h5><strong>Related information:<\/strong><\/h5>\n<h2>OWASP Top 10 Web Application Security Risks<\/h2>\n<h5><a href=\"https:\/\/owasp.org\/www-project-top-ten\/\">https:\/\/owasp.org\/www-project-top-ten\/<\/a><\/h5>\n<h5>Globally recognized by developers as the first step towards more secure coding. &#8211; OWASP<\/h5>\n<p>&nbsp;<\/p>\n<h1><strong>Source Code Analysis Tools<\/strong><\/h1>\n<h5>Also known as Static Application Security Testing (SAST) Tools.\u00a0 Other information:<\/h5>\n<ul>\n<li>Important Selection Criteria (of tools)<\/li>\n<li>Open Source &amp; Commercial Tools available<\/li>\n<\/ul>\n<p>For details, go to: <a href=\"https:\/\/owasp.org\/www-community\/Source_Code_Analysis_Tools\">https:\/\/owasp.org\/www-community\/Source_Code_Analysis_Tools<\/a><\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Source Code Review vs. Penetration Testing for Web Application Security <\/strong>by Uladzislau Murashka, Penetration Testing Consultant, ScienceSoft.<\/h4>\n<h6><em>\u00a0\u201cThe article gives a clear view of the importance of comprehensive security testing. For web applications involving sensitive data (Healthcare, Banking, Insurance web applications.) it&#8217;s a perennial must. While pentesting explores vulnerable application areas, which may let the hackers in, code review helps detect internal problems and inconsistencies. Though these problems are not visible to outside hackers, they may be at the root of application vulnerability. 
\u201c <\/em><em>Elizabeth Barkaline (2017)<\/em><\/h6>\n<p>Go to: <a href=\"https:\/\/www.scnsoft.com\/blog\/web-applications-security-source-code-review-vs-penetration-testing\">https:\/\/www.scnsoft.com\/blog\/web-applications-security-source-code-review-vs-penetration-testing<\/a>\u00a0 (accessed on April 28, 2020)<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>What you should know before you Pick Secure Code Review services? <\/strong><\/h4>\n<h5>An interesting article for learning more about <strong>Secure Code Review<\/strong> services; it consists of the following:<\/h5>\n<ol>\n<li>\n<h5>4 processes in SSDLC\u2019s Coding (or Development) Phase<\/h5>\n<\/li>\n<li>\n<h5>4 types of Code Reviews<\/h5>\n<\/li>\n<li>\n<h5>Tools and checklist for Code Review<\/h5>\n<\/li>\n<li>\n<h5>Practices for organization\u2019s secure code<\/h5>\n<\/li>\n<\/ol>\n<h5>Reference:<\/h5>\n<h5><a href=\"https:\/\/www.briskinfosec.com\/blogs\/blogsdetail\/What-you-should-know-before-you-Pick-Secure-Code-Review-services\">https:\/\/www.briskinfosec.com\/blogs\/blogsdetail\/What-you-should-know-before-you-Pick-Secure-Code-Review-services<\/a><\/h5>\n<p>&nbsp;<\/p>\n<h1><\/h1>\n<h1><\/h1>\n<h1><strong>Top 10 Most Popular Code Review Tools For Developers And Testers<\/strong><\/h1>\n<p><a href=\"https:\/\/www.softwaretestinghelp.com\/code-review-tools\/\">https:\/\/www.softwaretestinghelp.com\/code-review-tools\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<h1><strong>Top 40 Static Code Analysis Tools (Best Source Code Analysis Tools)<\/strong><\/h1>\n<p><a href=\"https:\/\/www.softwaretestinghelp.com\/tools\/top-40-static-code-analysis-tools\/\">https:\/\/www.softwaretestinghelp.com\/tools\/top-40-static-code-analysis-tools\/<\/a><\/p>\n<h5>As a computer security student and software developer,\u00a0 I hope that we share the same excitement for the code review methodology and technology.<\/h5>\n<p>&nbsp;<\/p>\n<h5><strong>Your task for submission:<\/strong><\/h5>\n<h5>A page report that summarizes the Code Review content 
here that you have learned and understood.<\/h5>\n<h5>Please include feedback &#8211; what you know 1) before learning; 2) after learning; and 3) how it will help you in your future job.<\/h5>\n<h5>Submit to e-learning by Monday May 4, 4:03pm.<\/h5>\n<p>&nbsp;<\/p>\n<h5><\/h5>\n<h5>Thank you.<\/h5>\n<h5><\/h5>\n<h5>Ms Rashidah<\/h5>\n","protected":false},"excerpt":{"rendered":"<p>CODE REVIEW &nbsp; Industries: Source Code Review (Malaysia) It is remarkable that industries in Malaysia are involved in meeting current cyber security requirements by providing services such as code review and penetration testing. Some of them have been involved since 2016, supporting multinational companies. &nbsp; They are: LGMS @ Asia Cybersecurity Exchange\u00a0 Go to: https:\/\/lgms.global\/source-code-review\/ &hellip; <a href=\"https:\/\/people.utm.my\/rashidah\/2020\/04\/29\/software-security-code-review\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Software Security: Code Review<\/span><\/a><\/p>\n","protected":false},"author":582,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1389","post","type-post","status-publish","format-standard","hentry","category-other"],"_links":{"self":[{"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/posts\/1389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/comments?post=1389"}],"version-history":[{"count":19,"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/posts\/1389\/revisions"}],"predecessor-version":[{"id":1408,"href":"https:
\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/posts\/1389\/revisions\/1408"}],"wp:attachment":[{"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/media?parent=1389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/categories?post=1389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/people.utm.my\/rashidah\/wp-json\/wp\/v2\/tags?post=1389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}