422.5 Code review and security testing

Identify weaknesses in software by reviewing code and testing its behaviour before release.

Overview

This section explores how developers and security teams find vulnerabilities before software is deployed. Code review and security testing are essential components of the secure development lifecycle. They help uncover mistakes that may not be obvious during normal development, including both logic errors and deeper security flaws.

By combining manual review techniques with automated testing tools, developers can catch problems early, when they are cheapest to fix, reduce risk, and improve the overall quality of their codebase. These practices also reinforce team accountability and support compliance with software development standards.

The topics in this section examine several key techniques:

  • Reviewing code for correctness and clarity

  • Analysing source code without running it (SAST)

  • Testing the running application as a black box (DAST)

  • Scanning deployed systems and their dependencies for known vulnerabilities (vulnerability assessment)

  • Simulating real-world attacks against the system to find exploitable weaknesses (penetration testing)
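The distinction between static and dynamic testing is easiest to see on a concrete bug. The example below is added here and is not part of the original section: it contains a constructed, deliberately vulnerable `find_user` function next to its parameterised fix, a small SAST-style check that walks the Python AST and flags `execute()` calls whose query is built by string concatenation, formatting or an f-string, and a DAST-style probe that treats `find_user` as a black box and compares the rows returned for a benign username against those returned for a classic injection payload. The function names, the `users` table and the in-memory SQLite database are all assumptions made for illustration; a real DAST tool would send the same kind of probe over HTTP to a running application rather than calling a function directly.

```python
import ast
import sqlite3
import textwrap

# Constructed sample code under test: vulnerable version builds the query by concatenation.
VULNERABLE_SOURCE = textwrap.dedent('''
    def find_user(conn, username):
        cur = conn.cursor()
        cur.execute("SELECT id, username FROM users WHERE username = '" + username + "'")
        return cur.fetchall()
''')

# Constructed fixed version: the username is passed as a bound parameter.
SAFE_SOURCE = textwrap.dedent('''
    def find_user(conn, username):
        cur = conn.cursor()
        cur.execute("SELECT id, username FROM users WHERE username = ?", (username,))
        return cur.fetchall()
''')


def sast_find_string_built_queries(source):
    """SAST-style check: parse the source without running it and return the line
    numbers of execute() calls whose first argument is assembled at runtime
    (concatenation, str.format, or an f-string) instead of being a constant."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "execute" or not node.args:
            continue
        query = node.args[0]
        built_by_format = (
            isinstance(query, ast.Call)
            and isinstance(query.func, ast.Attribute)
            and query.func.attr == "format"
        )
        if isinstance(query, (ast.BinOp, ast.JoinedStr)) or built_by_format:
            findings.append(node.lineno)
    return findings


def load_find_user(source):
    """Compile the sample source and return its find_user function (assumed name)."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    return namespace["find_user"]


def make_db():
    """Constructed in-memory database with two users for the dynamic probe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def dast_probe(find_user):
    """DAST-style check: no access to the source; call the function as a black box
    with a benign input and an injection payload and compare the observable result.
    An exact-match lookup must never return more rows for a payload than for a
    real username, so a larger result set is the tell-tale sign of injection."""
    conn = make_db()
    benign_rows = len(find_user(conn, "alice"))
    payload = "' OR '1'='1"
    try:
        payload_rows = len(find_user(conn, payload))
    except sqlite3.Error:
        # A syntax error is also a finding in practice, but here we only score row counts.
        payload_rows = 0
    return {
        "benign_rows": benign_rows,
        "payload_rows": payload_rows,
        "vulnerable": payload_rows > benign_rows,
    }


if __name__ == "__main__":
    for label, source in (("vulnerable", VULNERABLE_SOURCE), ("safe", SAFE_SOURCE)):
        print(label, "SAST findings at lines:", sast_find_string_built_queries(source))
        print(label, "DAST probe:", dast_probe(load_find_user(source)))
```

Each technique sees only part of the picture: the static check reports the exact line but would also flag a concatenated query that contains no untrusted data, while the dynamic probe proves the behaviour is exploitable but cannot say where in the code the bug lives. That complementarity is why the secure development lifecycle uses both.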

Targets

In this section, students learn to:

  • Explain the purpose of code review and various types of security testing

  • Use checklists and automated tools to identify vulnerabilities

  • Distinguish between SAST, DAST, vulnerability assessment, and penetration testing

  • Apply review and testing strategies to improve the security of software before deployment
