Culture and Organization -> Education and Guidance: Security code review
Risk and Opportunity
Risk: Understanding security is hard.
Opportunity: Security code review is most effective when reviewers know where to look. The following areas of code tend to have a high risk of containing security vulnerabilities:
- Crypto implementations and crypto usage (algorithm choice, key handling, randomness)
- Parsers and unparsers (input parsing, deserialization, serialization)
- System configuration (defaults, debug flags, TLS settings, exposed endpoints)
- Authentication and authorization
- Session management
- Request throttling (rate limiting, lockout, retry handling)
- :unicorn: self-developed code that is used only in this one piece of software, and so has never been hardened by wider use or outside review
- New vulnerabilities may be found before the change reaches production.
- Existing vulnerabilities are found and fixed.
Evidence: Present the performed reviews (including participants, findings and consequences) and assess whether they are reasonable.
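One way to put the list of high-risk areas above to work before a review starts is to triage a change and tell reviewers which areas it touches. The script below is an added example and not part of this activity or of the Security Belts material: it scans a unified diff, matches changed file paths and added/removed lines against heuristic patterns for each area, and ranks the areas by number of hits. The patterns, the sample diff and the area names are assumptions chosen for illustration; the self-developed (:unicorn:) category cannot be detected by pattern matching and is left to reviewer judgement.

```python
"""Triage a unified diff against the security code review hot spots.

Added example; the regexes below are a starting heuristic (an assumption of
this example) and should be tuned to the code base under review.
"""
import re
from collections import defaultdict

# Hot spot area -> patterns matched against changed file paths and changed lines.
HOTSPOTS = {
    "crypto": [r"hashlib", r"\bhmac\b", r"\bmd5\b", r"\bsha1\b", r"\bAES\b",
               r"Cipher", r"\brandom\.", r"\bjwt\b", r"crypt"],
    "parser": [r"json\.loads", r"yaml\.load", r"pickle\.loads?", r"\bxml",
               r"\bparse\w*\(", r"unmarshal", r"deserializ"],
    "config": [r"\.env\b", r"settings\.py", r"config", r"DEBUG\s*=",
               r"ALLOWED_HOSTS", r"\b(TLS|SSL)\b", r"verify\s*=\s*False"],
    "authn/authz": [r"\bauth\b", r"login", r"password", r"permission",
                    r"is_admin", r"authori[sz]", r"authenticat"],
    "session": [r"session", r"cookie", r"SameSite", r"HttpOnly"],
    "throttling": [r"rate.?limit", r"throttl", r"max_attempts", r"lockout", r"retry"],
}
COMPILED = {area: [re.compile(p, re.IGNORECASE) for p in pats]
            for area, pats in HOTSPOTS.items()}


def _areas_hit(text):
    """Return the set of hot spot areas whose patterns match the given text."""
    return {area for area, pats in COMPILED.items() if any(p.search(text) for p in pats)}


def triage_diff(diff_text):
    """Map a unified diff (git style '+++ b/path' headers assumed) to hot spot areas.

    Returns {area: {"hits": int, "paths": [changed files]}} for areas with at
    least one hit. Only changed lines ('+' / '-') are scanned; unchanged context
    is ignored on purpose so the review focuses on what the change touches.
    """
    hits = defaultdict(int)
    paths = defaultdict(set)
    current = None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            current = line[4:].strip()
            if current.startswith("b/"):
                current = current[2:]
            for area in _areas_hit(current):      # path itself is a signal, e.g. auth.py
                hits[area] += 1
                paths[area].add(current)
            continue
        if line.startswith("--- ") or line.startswith("@@") or current is None:
            continue
        if line[:1] in ("+", "-"):
            for area in _areas_hit(line[1:]):
                hits[area] += 1
                paths[area].add(current)
    return {area: {"hits": hits[area], "paths": sorted(paths[area])} for area in hits}


def review_order(triage):
    """Hot spot areas ordered by hit count, highest first, ties alphabetical."""
    return sorted(triage, key=lambda area: (-triage[area]["hits"], area))


# Constructed sample diff: a weakened password check, a cookie flag flipped off,
# and an unrelated helper that should produce no hits.
SAMPLE_DIFF = """\
diff --git a/app/auth.py b/app/auth.py
--- a/app/auth.py
+++ b/app/auth.py
@@ -10,7 +10,7 @@ def login(request):
-    if user.password == request.form["password"]:
+    if hashlib.md5(request.form["password"].encode()).hexdigest() == user.password_hash:
         session["uid"] = user.id
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -40,3 +40,3 @@
-SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = False
diff --git a/app/util/strings.py b/app/util/strings.py
--- a/app/util/strings.py
+++ b/app/util/strings.py
@@ -1,3 +1,4 @@
+def shout(s):
+    return s.upper() + "!"
"""

if __name__ == "__main__":
    result = triage_diff(SAMPLE_DIFF)
    for area in review_order(result):
        print(f"{area:12s} hits={result[area]['hits']}  files={', '.join(result[area]['paths'])}")
```

Run on the sample diff, authentication ranks first (the file name and both changed lines in `auth.py` hit), the session area is flagged only through `settings.py`, because the `session["uid"]` line in `auth.py` is unchanged context, and `strings.py` produces nothing. The output is a prompt for the reviewer, not a verdict: a file with no hits may still contain the :unicorn: code the list warns about.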
References:
- CWE Top 25 Most Dangerous Software Weaknesses (link), tags: documentation, threat
Usefulness and Requirements of this Activity
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
Credits: This activity is inspired by / copied from
AppSecure-nrw Security Belts