How to Conduct a Code Review

A properly conducted code review can do more for the security of your application than nearly any other step. A large number of bugs can be found and fixed before the code makes it into an official build or into the hands of the test team. Additionally, the code review process lends itself very well to sharing security best practices among a development team, and it produces "lessons learned" that help prevent future bugs. This guide focuses on identifying the types of issues you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.

Featured Software Research:

Case Study: Xirrus Increases Cross-Sell & Reduces Errors with CPQ

Xirrus, a leader in high-performance wireless networking, was faced with a long and tedious quoting process. Sales reps would often forget components, forget to add support, and even had to retract on discounts. What’s more, a sales engineer had to review each proposal because of its complexity. CallidusCloud’s CPQ (Configure Price Quote) was introduced to simplify the quoting process. Find out how Xirrus benefitted from the CPQ solution.

The Guide to Google Apps Training Part Four: Advanced Security Configuration and Compliance

Google offers protection of your information with its sophisticated data and encryption centers. But now that you’ve become comfortable with the tools and basic security settings for Google Apps, you can get more in-depth and establish other security settings on your own. This next level of control allows you to review the settings for the core of Google Apps and gives you even better protection over your data with the ability to configure security parameters for associated apps.

In this...

Application Visibility: The Root of Good Service Management

Information technology (IT) organizations have long struggled to understand and manage the services they provide. As service management has had to rely on applications to codify business processes, it entails an application-centric approach. Sophisticated application monitoring tools are just now becoming available that provide good visibility into IT services.

Riverbed Technology commissioned Forrester Consulting to conduct a study on IT service management—providing insight into application...

You may also be interested in these related documents:

Why .NET Technology Is Important for ERP

.NET technology is a wake-up call, and some people are sleeping through it! Remaining competitive means mission-critical software systems, such as enterprise resource planning (ERP) applications, must be designed from the ground up for connectivity and integration. But software developers don’t advertise their shortcomings, and some ERP vendors—and by association, their customers—are being left behind.

Compliance Exposures in ERP Systems Part 1

This paper examines key issues for CFOs and CEOs in managing ERP systems in the new world of SOX, IFRS, and Basel II. While most IT management attention seems to be on document retention, reporting quality, and security, there are broader issues to be considered toward ensuring good governance and compliance with regulations such as Sarbanes-Oxley, IFRS, and Basel II.

Code Signing Certificates - Secure Delivery of Code and Content to Browsers

thawte's Code Signing certificate confirms publisher details and content integrity of downloadable code. It is strongly recommended for any publisher who plans to distribute code or content over the Internet or corporate extranets. Find out how your signature is verified and how customers can confidently and safely download applets, plug-ins, or macros from your site.