Security Code Review
Security code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.
- Finding bugs early, when they are cheap to fix.
- Coding standards compliance. Code review helps to maintain consistent coding style across the company.
- Teaching and sharing knowledge. During review team members gain better understanding of the code base and learn from each other.
- Consistent design and implementation. Peer review helps to maintain a level of consistency in software design and implementation.
- Higher software security. Applications that require a high level of security benefit from targeted security reviews.