Collaborate Disseminate
What is the official definition of code review or source code review?
Does it only mean that another developer reads the code after changes done by another developer?
or it can be done by an automated tool? like lgtm for example which is a… Continue reading What is code review? [closed]
I’m currently performing a code audit for an application that a company will release to the public as open-source in the next few days.
In this application, they use a JWT token for authentication and on the backend, you can clearly see th… Continue reading Use of JWT Token in open source project
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as part of the automated development lifecycle, rather than relying on security or… Continue reading Low code applications are essential for cybersecurity development in applications
Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, … Continue reading Code review: How satisfied are development teams?
Is it at Java or JVM level? Is there a Java vulnerability scanner? To discover bugs such as this do you analyse Java code or the JVM? Is there a pure java vulnerability scanner for Java code or Java libraries?
Continue reading Log4j vulnerability at Java level or JVM level [closed]
Looking for everyone’s opinion here. One of my buddies was doing a vendor security review for a company that sells different types of software. The software allows you to create 3D models for home and office design (think HGTV home improve… Continue reading Vendor Security Review. When is it overkill?
I want to do a secure code review for an app written in SWIFT. I am looking for some documentation, guidelines and regex pattern repository available.
Continue reading Is there any regex repository available for secure code review of swift language?
With staffing ratios often more than 200 developers for every AppSec professional, scaling security requires increasing the developer’s engagement in securing the product. To do that, developers must be responsible for the security of the code they wri… Continue reading The basics of security code review
Consider a scenario, where your AV / EDR software has to exclude paths of database files as suggested by vendors to avoid affecting performance or stability issues.
You want to review your database for integrity with the aim to make sure t… Continue reading What tools/checklists can help determine the presence of malicious code in a database? MS SQL specifically
I work at a small software company, and we are working with another company that wants to use our software. However, their InfoSec team want us to have a 3rd party source code review completed, with static and dynamic scanning pipelines cr… Continue reading Safe sharing source code with 3rd party for security review?