Code reviews offer developers the opportunity to have their code evaluated by their peers before moving it into production. In this video, learn about the code review process, including the use of Fagan inspections for formalized code review.
- [Lecturer] Application code is one…of the most common sources of security vulnerabilities.…Developers write millions of lines of code each year,…and there are thousands of security issues…buried in the complexity of that code…just waiting to be discovered.…Code reviews are one of the most important…software testing techniques.…During a code review, developers have their work reviewed…by other developers who examine the code…to ensure that it does not contain obvious, or subtle,…security issues.…
This process may be totally informal,…completely formal, or something in between.…The most formal code review process is known…as the Fagan inspection.…Fagan inspections follow the six-step process shown here.…During the first step, planning, developers perform…the pre-work required to get the code review underway.…This includes preparing the materials required…for the review, identifying the review participants,…and scheduling the actual review.…
Next, the review moves on to the overview phase…where the leader of the review assigns roles…
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
IT Security Careers and Certifications: First Stepswith Marc Menninger2h 6m Appropriate for all
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Appropriate for all
1. Risk Management
2. Threat Modeling
3. Threat Assessment
4. Remediating Vulnerabilites
5. Security Monitoring
6. Software Testing
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.