Security Code Review

IDE Plug-ins - A Security Testing Way to Automate Code Review

In the traditional SDLC, manual code review happens only after the code has been written, so finding and fixing defects takes more time and resources, which is costly and overburdening.
With IDE plugins, code review happens automatically as the developer writes code: the plugin detects various kinds of coding defects (security vulnerabilities, coding errors, poor coding practices, etc.) during the development phase. Some plugins both detect the defect and suggest an informative fix while the program is still being written. This minimises manual code review effort (it does not remove the need for it), and developers can jump straight to each defect to read an explanation of how to fix it. IDE plugins also allow teams to write customised rules and guidelines that match the company's frameworks and policies.
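As an added example (not from the original post and not the code of any particular IDE plugin), the block below shows the kind of customised rule such a plugin evaluates on every save: a small Python AST visitor that flags three common defect classes and attaches a fix hint to each finding. The rule IDs, the messages and the sample snippet being "edited" are constructed for illustration.

```python
import ast
import textwrap

# Constructed sample of code a developer might be typing; not from the page.
# Line numbers matter for the findings: line 3 holds the credential,
# line 6 the shell=True call and line 7 the eval().
SAMPLE_SOURCE = textwrap.dedent('''\
    import subprocess

    DB_PASSWORD = "hunter2"

    def run(cmd, expr):
        subprocess.call("ls " + cmd, shell=True)
        return eval(expr)

    def safe(cmd):
        subprocess.call(["ls", cmd])
''')

SHELL_SINKS = ("subprocess.call", "subprocess.run",
               "subprocess.Popen", "subprocess.check_output")


class SecurityRuleVisitor(ast.NodeVisitor):
    """Walks a Python AST and records findings for three hypothetical custom rules."""

    def __init__(self):
        self.findings = []  # (rule_id, line, message, fix_hint)

    def _report(self, rule_id, node, message, fix_hint):
        self.findings.append((rule_id, node.lineno, message, fix_hint))

    @staticmethod
    def _call_name(node):
        # Resolve `eval(...)` to "eval" and `subprocess.call(...)` to "subprocess.call".
        func = node.func
        if isinstance(func, ast.Name):
            return func.id
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            return f"{func.value.id}.{func.attr}"
        return None

    def visit_Call(self, node):
        name = self._call_name(node)
        if name == "eval":
            self._report("SEC001", node, "use of eval() on runtime data",
                         "use ast.literal_eval() or an explicit parser")
        if name in SHELL_SINKS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self._report("SEC002", node, f"{name} with shell=True",
                                 "pass an argument list and drop shell=True")
        self.generic_visit(node)

    def visit_Assign(self, node):
        # Hard-coded credential: a string literal assigned to a secret-looking name.
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                    k in target.id.lower() for k in ("password", "secret", "token")):
                if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
                    self._report("SEC003", node, f"hard-coded credential in {target.id}",
                                 "load the value from a secret store or the environment at runtime")
        self.generic_visit(node)


def scan_source(source):
    """Parse `source` and return findings ordered by line, as an IDE gutter would list them."""
    visitor = SecurityRuleVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f[1])


if __name__ == "__main__":
    for rule_id, line, message, fix in scan_source(SAMPLE_SOURCE):
        print(f"{rule_id} line {line}: {message}; fix: {fix}")
```

A real plugin wires `scan_source` to the editor's save or keystroke event and renders each tuple as an inline marker; the rule set is what a company extends with its own framework-specific checks. Note that the `safe` function, which passes an argument list without `shell=True`, produces no finding.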
Plugins That Detect Security Vulnerabilities

Inconsistent Scan Results (Dynamic & Static)

Day in, day out at the office, there will be multiple dynamic and static scans in progress. This has been the case for the past 4+ years. A couple of things that stayed constant, while the time and team members kept changing, were myself and the routine complaint that the scan results were inconsistent. Be it dynamic or static, the scan results were inconsistent across time even when all other factors, like code/app version, scanner settings, etc., remained unchanged.

With the scanners being proprietary, we had little means of understanding the internal details. What followed all this time was ticket after ticket after ticket after ticket on the vendor portal.
