
The Path to a Secure Application: A Source Code Security Review Checklist

This paper details the path you must follow to find and eliminate the coding errors and design flaws that expose data and put organizations at risk. It includes details of the five major vulnerability categories and an actionable source code security review checklist. Take the path to more secure software today.

Published Date: 2007-10-11

No. of Pages: 16

Summary:

The path to creating a secure application begins by rigorously testing source code for any and all vulnerabilities, to ensure the application will not compromise, or allow others to compromise, data privacy and integrity.

For companies using custom-built, outsourced, or open source applications in-house, however, ensuring that all current and legacy code is secure will be no small challenge. Detecting and eradicating security vulnerabilities has historically been extremely difficult. Many organizations relied on manual code review, which is costly and labor-intensive, as well as penetration testing, which examines only a subset of an application's potential vulnerabilities.

While both of these approaches have their uses, automatic software vulnerability scanning tools now allow companies to approach secure code development in a more systematic, automated, and successful manner. These automatic vulnerability scanning tools greatly improve the speed and accuracy of code review, and may be integrated seamlessly into the development lifecycle. In fact, the best tools can pinpoint each vulnerability at the precise line of code and provide detailed information about the type of flaw, the risk it poses, and how to fix it.

 

