Selcouth Cyber Security Services Private Limited

Secure Code Review – Part One

AppSec + Cyber security + InfoSec | w1r3sh65rk | February 22, 2021

Background

Before we walk through secure code review as a phase of the SDLC, let us first understand what secure coding is, why it should be part of the early phases of the SDLC, its importance, best practices, and the tools available.

Security Code Review:

A secure code review is the part of the code review process that identifies missing security best practices early in the Software Development Lifecycle (SDLC), resulting in fewer vulnerabilities reaching production. Over time, software engineers have defined various security best practices that protect an application against common web vulnerabilities such as those listed in the OWASP Top 10 or the CWE/SANS Top 25.

The security-by-design approach and its benefits:

Deployed software is continuously under attack. Attackers have been exposing and exploiting vulnerabilities for decades, and the frequency and complexity of their attacks keep increasing. Secure software is a software development problem, and its solution is the responsibility of every member of the software development team, from managers and support staff to developers, testers and IT staff. Security must be on everyone’s mind throughout every phase of the software lifecycle; a misstep in any phase can have severe consequences.

In simpler terms, it is crucial that each phase of the software development process include the appropriate security analysis, defences and countermeasures that will result in more secure released code. From requirements through design and implementation to testing and deployment, security must be integrated throughout the Software Development Lifecycle (SDLC) in order to provide the user community with the best, most secure software-based solutions.

From the standpoint of both cost and effectiveness, considering security as an integral part of the software development lifecycle is the best way to build and maintain robust, reliable, and trustworthy applications.

The best place to fit secure coding into the SDLC:

Software development methodologies, such as iterative, agile and waterfall models, all benefit from a focus on secure practices. In each case, incorporating security-based techniques in each phase of the SDLC will improve quality and resistance to attack in the final product.

Why should it be part of the early phases of the SDLC?

It is a highly valuable activity that can find many security problems long before you reach the testing or release stages, potentially saving both time and money.

The cost of addressing a security vulnerability during the development cycle is less than two percent of the cost of removing the same defect from a deployed production application.

Shifting left for security means applying security measures and practices early in the Software Development Life Cycle (SDLC): the further left you go, the earlier in the cycle you are.

What To Watch For Next?

In part two we will cover security by design in each step of the SDLC.

In part three we will cover the OWASP Top 10 in relation to secure coding in .NET.


At Selcouth, we believe that achieving cyber security is a continuous journey in which we partner with our clients to address the ever-changing threat landscape. To address such threats, get in touch with us! You can also view our full range of service offerings and trainings!

Written by: w1r3sh65rk
