Performing a source code review is one of the best ways to find security issues in an application. In this tutorial, I will go through some tactics for performing a security code review on your application.

Getting familiar with the indicators and signatures of those vulnerabilities will help you identify similar patterns in source code.

Start by searching for strings, keywords, and code patterns known to be indicators of vulnerabilities or misconfiguration.
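A minimal version of that first keyword pass, as an added example that is not part of the original tutorial: it scans Python source line by line for a few well-known indicators and reports the rule and line number for each hit. The rule names, the regexes, and the sample source are assumptions constructed for illustration, and every hit is a lead to review by hand, not a confirmed finding.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    text: str


# Hypothetical rule set for this example; extend it per language and framework.
RULES = {
    "hardcoded-secret": re.compile(
        r"(?i)(password|passwd|secret|api_?key|token)\w*\s*=\s*['\"][^'\"]+['\"]"),
    "dangerous-call": re.compile(r"\b(eval|exec|os\.system|pickle\.loads?)\s*\("),
    "subprocess-shell": re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True"),
    "weak-hash": re.compile(r"hashlib\.(md5|sha1)\s*\("),
    "tls-verify-off": re.compile(r"verify\s*=\s*False"),
    "debug-enabled": re.compile(r"(?i)\bdebug\s*=\s*True"),
}

# Constructed sample input (never executed, only scanned as text).
SAMPLE = '''\
import hashlib, os, subprocess, requests
DB_PASSWORD = "hunter2"
api_key = os.environ["API_KEY"]
# eval(user_input) was removed in review
digest = hashlib.md5(data).hexdigest()
subprocess.run("ping " + host, shell=True)
resp = requests.get(url, verify=False)
app.run(debug=True)
result = eval(expr)
'''


def scan(source: str) -> List[Finding]:
    """Return every rule hit with its 1-based line number."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # skip blanks and full-line comments to cut noise
        for rule, rx in RULES.items():
            if rx.search(code):
                findings.append(Finding(no, rule, code))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.line_no:>3}  {f.rule:<18} {f.text}")
```

Line 3 of the sample is not flagged because the secret is read from the environment rather than assigned as a string literal, which is the distinction the `hardcoded-secret` rule is written to capture.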

Good SAST tools identify vulnerable patterns for you so that you can focus on analyzing the impact and exploitability of the vulnerability.
