Pushing Left, Like a Boss – Part 7: Code Review and Static Code Analysis

submitted by
Style Pass
2021-08-27 21:00:06

This article is about secure code review and Static Application Security Testing (SAST). Static analysis is a highly valuable activity which can find a lot of security problems, far before you get to the testing or release stages, potentially saving both time and money.

Since I wrote this article a few years ago, I have had a chance to do more in the code review space and spend some time working with SAST tools. Although my attention span is short, and I can be impatient at times (such as, for example, when I am awake), I can now spot several types of problems fairly easily. If you had asked me a few years ago if I would ever find code review pleasurable, I would have laughed, but now I find validating SAST results rather satisfying. It's funny how much our opinions can change over time.

There are two options for doing code review: manually, or with a tool. There are pros and cons to each, and using both will get you the best results.
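To make the "with a tool" option concrete, here is a small SAST-style checker added to this post as an illustration (it is not code from the article, and the rule names and the `scan_source` / `Finding` names are this example's own). It uses Python's `ast` module to walk a parsed source file and report three classic patterns with their line numbers: code evaluated from data (`eval`/`exec`), a database query assembled from a run-time string, and a subprocess call with `shell=True`. The sample source it scans is constructed for the example; the point is that each finding still has to be validated by a human, which is exactly the manual half of the review.

```python
"""Minimal SAST-style checker built on Python's ast module.

Added example (not from the original article): walks a Python source
file's syntax tree and reports a few well-known risky patterns with
their line numbers so a reviewer can validate each finding by hand.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str
    message: str


# Rule identifiers are labels invented for this example, not a standard.
RISKY_CALLS = {"eval", "exec"}


def _call_name(node: ast.Call) -> str:
    """Return 'name' for f(...) or 'attr' for obj.attr(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the expression builds a string at run time:
    f-string, '%' or '+' on a string, or a .format() call."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.Call) and _call_name(node) == "format":
        return True
    return False


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return findings sorted by line number."""
    findings: list[Finding] = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in RISKY_CALLS:
            findings.append(Finding(node.lineno, "dynamic-code",
                                    f"call to {name}() evaluates data as code"))
        # A query string built at run time is the usual shape of SQL injection;
        # a literal query with bound parameters (line 5 of SAMPLE) is not flagged.
        if name == "execute" and node.args and _is_dynamic_string(node.args[0]):
            findings.append(Finding(node.lineno, "sql-string-build",
                                    "query built from a run-time string; "
                                    "use a parameterised query"))
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append(Finding(node.lineno, "shell-true",
                                        "shell=True hands the command line to a shell"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input: one safe query next to one unsafe one.
SAMPLE = '''\
import sqlite3, subprocess
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    return cur.fetchall()
def run(cmd):
    return subprocess.run(cmd, shell=True)
def calc(expr):
    return eval(expr)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Run it and three findings come back (lines 4, 8 and 10 of the sample); the parameterised query on line 5 is correctly left alone. Real tools carry hundreds of such rules plus data-flow tracking, but the workflow is the same: the tool narrows the code down to candidate lines, and a person decides which ones are real.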
