Here’s some quick advice on scanning source code for security flaws. Maty Siman, CTO of Checkmarx, shares his top three best practices for source code vulnerability inspection.
- Scan early and scan often. “The beauty of not having a compiler-based approach is that code can be scanned any time, anywhere,” Siman said.
- Use code analysis as a risk benchmark. Be sure your security-optimized code analysis practices and tools eliminate false positives, allowing auditors and CISOs to get a strong handle on enterprise risk.
- Use code analysis to introduce a culture of security to development.
Remember, said Siman, “the best defense is a strong offense.”