422.5 Code review and security testing
Identify weaknesses in software by reviewing code and testing its behaviour before release.
Overview
This section explores how developers and security teams find vulnerabilities before software is deployed. Code review and security testing are essential components of the secure development lifecycle. They help uncover mistakes that may not be obvious during normal development, including both logic errors and deeper security flaws.
By combining manual review techniques with automated testing tools, developers can catch problems early, reduce risk, and improve the overall quality of their codebase. These practices also reinforce team accountability and support compliance with software development standards.
The topics in this section examine several key techniques:
Reviewing code for correctness and clarity
Analysing source code without running it (SAST)
Testing the running application as a black box (DAST)
Assessing systems for known vulnerabilities
Simulating real-world attacks through penetration testing
Targets
In this section, students learn to:
Explain the purpose of code review and various types of security testing
Use checklists and automated tools to identify vulnerabilities
Distinguish between SAST, DAST, vulnerability assessment, and penetration testing
Apply review and testing strategies to improve the security of software before deployment