How to Conduct a Code Review

A properly conducted code review can do more for the security of your application than nearly any other step. A large number of bugs can be found and fixed before the code makes it into an official build or into the hands of the test team. The code review process also lends itself well to sharing security best practices within a development team, and it produces "lessons learned" that help prevent future bugs. This guide focuses on identifying the types of issues you should look for in the code being reviewed, and then on finding those bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to guide your review.
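The abstract stresses finding the bugs a reviewer should look for "as quickly and effectively as possible". One practical way to do that is a triage pass that ranks files by how many review hotspots they contain, so a reviewer with limited time starts with the riskiest code and uses the threat model to decide what else to read. The script below is an added example written for this page; it is not code from the white paper. The hotspot patterns, their weights, and the sample source tree are all constructed assumptions for illustration, not an authoritative checklist.

```python
"""Added example: rank source files by review-worthiness before a security
code review.  The hotspot patterns and weights are illustrative assumptions,
not an exhaustive or authoritative list; the sample tree is constructed."""
import re
from collections import Counter

# (hotspot name, assumed weight, regex).  Weight expresses how strongly one
# match should pull a file toward the front of the review queue.
HOTSPOTS = [
    ("dynamic-code-eval", 5, re.compile(r"\b(eval|exec)\s*\(")),
    ("deserialization", 5, re.compile(r"\b(pickle\.loads?|yaml\.load)\s*\(")),
    ("shell-command", 4, re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
    # SQL built from an f-string, or a literal joined with % or + (string concat)
    ("sql-string-build", 4,
     re.compile(r"execute\s*\(\s*(?:f['\"]|['\"][^'\"]*['\"]\s*(?:%|\+))")),
    ("hardcoded-secret", 3,
     re.compile(r"(?i)\b(password|secret|api_key|token)\s*=\s*['\"][^'\"]+['\"]")),
    ("untrusted-input", 2, re.compile(r"request\.(args|form|json|cookies)")),
]
WEIGHTS = {name: weight for name, weight, _ in HOTSPOTS}

# Constructed sample tree: path -> file contents (no real project, no real secret).
SAMPLE_TREE = {
    "app/auth.py": (
        "import hashlib\n"
        "API_KEY = 'sk-live-0000'  # constructed sample, not a real credential\n"
        "def check(pw, stored):\n"
        "    return hashlib.sha256(pw.encode()).hexdigest() == stored\n"
    ),
    "app/admin.py": (
        "import subprocess, pickle\n"
        "from flask import request\n"
        "def run():\n"
        "    cmd = request.args.get('cmd')\n"
        "    subprocess.run(cmd, shell=True)\n"
        "def load():\n"
        "    return pickle.loads(request.data)\n"
    ),
    "app/report.py": (
        "def query(cursor, name):\n"
        "    cursor.execute(\"SELECT * FROM users WHERE name = \" + name)\n"
    ),
    "app/util.py": "def add(a, b):\n    return a + b\n",
}


def triage(tree):
    """Return [(path, score, Counter of hotspot hits)] sorted riskiest first.

    Ties are broken by path so the ordering is deterministic."""
    ranked = []
    for path, source in tree.items():
        hits = Counter()
        for name, _weight, pattern in HOTSPOTS:
            count = len(pattern.findall(source))
            if count:
                hits[name] += count
        score = sum(WEIGHTS[name] * count for name, count in hits.items())
        ranked.append((path, score, hits))
    return sorted(ranked, key=lambda entry: (-entry[1], entry[0]))


def review_order(tree):
    """Just the file paths, in the order a reviewer should read them."""
    return [path for path, _score, _hits in triage(tree)]


if __name__ == "__main__":
    for path, score, hits in triage(SAMPLE_TREE):
        detail = ", ".join(f"{n}x{c}" for n, c in sorted(hits.items())) or "-"
        print(f"{score:3d}  {path:16s}  {detail}")
```

A zero score does not mean a file is safe; it only means none of the assumed patterns fired. Use the ranking to decide where to start, then let the threat model and architecture diagram decide which trust boundaries deserve a line-by-line read regardless of score.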
