How to Conduct a Code Review

A properly conducted code review can do more for the security of your application than nearly any other step. A large number of bugs can be found and fixed before the code makes it into an official build or into the hands of the test team. Additionally, the code review process lends itself very well to sharing security best practices among a development team, and it produces "lessons learned" that help prevent future bugs. This guide focuses on identifying the types of issues that you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.

Featured Software Research:

Unified Communications Guide: Staying On-Premise or Going to the Cloud

Whether your company has recently migrated from legacy telephony to VoIP or has been on the VoIP path for some time, considering unified communications (UC) makes sense. While some businesses will be perfectly happy moving over to VoIP, others will want the richer set of benefits that come with UC. Once the decision to go with UC has been made, businesses have to choose between retaining their premise-based environment for communications applications and adopting cloud-based UC.

Must-have ERP Features for the Automotive Industry

This paper summarizes the benefits an enterprise resource planning (ERP) solution provides to the entire manufacturing process, "from shop floor to top floor." Included are key features in a software as a service (SaaS) solution to help an auto manufacturer optimize performance throughout the enterprise.

You may also be interested in these related documents:

Source Code Translation

Everyone who writes computer software eventually faces the requirement of converting a large code base from one programming language to another. But source-code conversion is a tedious, error-prone, and labor-intensive process. While there is no magic button to turn old code into new code, there are tools that can dramatically reduce the time and cost of a conversion project.

Certify Your Software Integrity with Code Signing Certificates

As a software developer, you know that the product you make available on the Internet can be tampered with, without detection, if it's not secured. Customers need to know that the software really comes from the publisher who signed it and that it's not been altered or corrupted. For secure online distribution and confident customers, learn how to sign your code and active content with a code signing certificate solution.

How Modern Code Generation Works: An Insider’s Guide

To meet high user expectations for applications, your IT department must find ways to improve productivity and complete projects according to the latest standards, often with a reduced head count. In this environment, wasting time on code writing and other repetitive tasks is agonizing. But application generators can automate and manage your development processes. Learn about the functionality that can benefit your company.