
The Path to a Secure Application: A Source Code Security Review Checklist

By: Ounce Labs
Published: Jul 05, 2007
Length: 16
Type: White Paper
 
Overview:
The path to application security begins by rigorously testing source code for any and all vulnerabilities, to ensure the application will not compromise, or allow others to compromise, data privacy and integrity. This paper outlines the steps to secure source code development practices, and presents a source code security review checklist.
  • Where to Look for Security Vulnerabilities
  • How to Look for Security Vulnerabilities
  • What to Examine - Five Classes of Source Code Vulnerabilities
  • Applying the Source Code Security Review Checklist
  • Appendix: Source Code Security Review Checklist
For companies using custom-built, outsourced, or open source applications in-house, ensuring all current and legacy code is secure is no small challenge. Detecting and eradicating security vulnerabilities has historically been extremely difficult. Many organizations relied on manual code review, which is costly and labor-intensive, as well as penetration testing, which examines only a subset of potential security vulnerabilities in an application.
While both of these code review approaches have their uses, automatic source code analysis tools now allow companies to approach secure code development in a more systematic, automated, and successful manner. These source code analysis tools greatly improve the speed and accuracy of code review, and may be integrated seamlessly into the development lifecycle. In fact, the best tools can pinpoint each security vulnerability at the precise line of code and provide detailed information about the type of flaw, the risk it poses, and how to fix it.
Application security testing tools alone won't result in application security. Rather, such tools help developers and code reviewers assess applications - even those with many millions of lines of code - to identify the most potentially damaging security vulnerabilities. This allows development and remediation teams to prioritize their efforts and take a risk-based approach to remediating the code base, starting with the most critical problems.