Reviewing applications for source code security vulnerabilities is the most important step towards overall enterprise security. Applications, especially Web applications, can expose vital data to the World Wide Web, and security vulnerabilities from inadequately designed or written code may allow attackers to threaten privacy and steal data - for example, gain access to confidential information, modify a database or other system, or cause the application to crash or become unstable.

Code review is probably the single most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.
Binary Vintage is the value-added distributor for Parasoft, which offers solutions to support and automate numerous best practices for software defect prevention. These software defect prevention best practices can be divided into two major categories:

- code analysis
- code review
Code analysis includes static (rules-based) analysis, flow analysis, and metrics. This code analysis typically relieves developers from having to perform line-by-line inspections during peer code reviews. Instead, code reviews can begin by discussing interesting findings from the automated code analysis results, then move on to examining design, algorithmic, and implementation issues.

This aspect of the peer code review is supported by Parasoft's Code Review module. It automatically identifies updated code by scanning the source control system, matches the code with designated reviewers, and tracks the progress of each review item until closure.
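To make the three code-analysis categories named above concrete, here is a small added example (not Parasoft's engine or any Binary Vintage code) that runs a pattern-based rule, a simple intra-procedural data-flow (taint) check, and a cyclomatic-complexity metric over a constructed Python snippet. The sample program, the source/sink lists and the rule names are all assumptions made for the illustration; a real analyzer tracks flow across calls and has a far larger rule set.

```python
"""Toy illustration of pattern-based analysis, data-flow analysis and code
metrics on Python source, using the standard-library ast module.
Added example; not the product's analysis engine."""
import ast
from dataclasses import dataclass

# Constructed sample under analysis (not from the page). Line 1 is blank.
SAMPLE = '''
import os, subprocess

def run_report(request):
    name = request.args["name"]          # untrusted source
    cmd = "report --user " + name        # taint propagates via assignment
    os.system(cmd)                       # command-injection sink
    return "ok"

def safe_report(request):
    name = request.args["name"]
    subprocess.run(["report", "--user", name])   # list form, no shell
    return "ok"

def complex_func(x):
    if x > 0:
        for i in range(x):
            if i % 2:
                pass
    elif x < 0:
        while x:
            x += 1
    return x
'''

@dataclass
class Finding:
    kind: str      # "pattern" or "dataflow"
    line: int
    message: str

# Hypothetical rule configuration: where untrusted data enters, where it must not go.
SOURCES = {"request.args"}
SINKS = {"os.system", "eval", "exec"}

def dotted(node):
    """Render a Name/Attribute chain as 'a.b.c'; None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def pattern_checks(tree):
    """Rules-based check: flag every call to a dangerous function, whatever its arguments."""
    return [Finding("pattern", n.lineno, f"call to {dotted(n.func)}")
            for n in ast.walk(tree)
            if isinstance(n, ast.Call) and dotted(n.func) in SINKS]

def taint_checks(tree):
    """Data-flow check: a variable assigned from a source (or from another tainted
    variable) is tainted; a sink call whose argument references tainted data is reported."""
    out = []
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()
        for stmt in fn.body:                       # top-level statements, in order
            if isinstance(stmt, ast.Assign):
                refs = {dotted(x) for x in ast.walk(stmt.value)} - {None}
                if refs & SOURCES or refs & tainted:
                    tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            for call in (c for c in ast.walk(stmt) if isinstance(c, ast.Call)):
                if dotted(call.func) in SINKS:
                    args = {dotted(x) for a in call.args for x in ast.walk(a)} - {None}
                    if args & tainted:
                        out.append(Finding("dataflow", call.lineno,
                                           f"tainted data reaches {dotted(call.func)}"))
    return out

def cyclomatic(fn):
    """Metric: 1 + number of decision points in the function body."""
    branch_types = (ast.If, ast.For, ast.While, ast.IfExp, ast.BoolOp, ast.ExceptHandler)
    return 1 + sum(isinstance(n, branch_types) for n in ast.walk(fn))

def metrics(tree):
    return {fn.name: cyclomatic(fn) for fn in ast.walk(tree) if isinstance(fn, ast.FunctionDef)}

def analyze(source):
    tree = ast.parse(source)
    return pattern_checks(tree), taint_checks(tree), metrics(tree)

if __name__ == "__main__":
    patterns, flows, complexity = analyze(SAMPLE)
    for f in patterns + flows:
        print(f"line {f.line}: [{f.kind}] {f.message}")
    for name, cc in complexity.items():
        print(f"{name}: cyclomatic complexity {cc}")
```

The pattern rule fires on `os.system` regardless of context, the data-flow check fires only where request data actually reaches the shell sink (it stays silent for `safe_report`, which passes an argument list to `subprocess.run`), and the metric singles out `complex_func` as the one worth extra review attention.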
Binary Vintage is able to offer:

Code Analysis Solution
- monitors whether code meets uniform expectations around security, reliability, performance, and maintainability.
- provides a foundation for producing solid code by exposing structural errors and preventing entire classes of errors.
- the code analysis includes pattern-based (rules-based) analysis, data flow analysis, and code metric calculation.
- all are centrally managed and highly automated.
Code Review Solution
- automates and manages the peer code review workflow (Code Review Module).
- automates preparation, notification, and tracking of peer code reviews, addressing the known shortcomings of this very powerful inspection method.
- automatically identifies updated code by scanning the source control system.
- matches the code with designated reviewers, and tracks the progress of each review item until closure.