Here’s some quick advice on scanning source code for security flaws. Maty Siman, CTO of Checkmarx, shares his top three best practices for source code vulnerability inspection.
- Scan early and scan often. “The beauty of not having a compiler-based approach is that code can be scanned any time, anywhere,” Siman said.
- Use code analysis as a risk benchmark. Be sure your security-optimized code analysis practices and tools eliminate false positives, so that auditors and CISOs can get a strong handle on enterprise risk.
- Use code analysis to introduce a culture of security to development.
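The first two practices above rest on two ideas: scanning source directly, without a build, so it can run at any point in development, and keeping false positives down so the results are usable as a risk measure. The following added example (not Checkmarx's tool or code, and not from the article) sketches both with a minimal Python AST scanner. The rule set `RISKY_CALLS`, the sample source `SAMPLE`, and the suppression rules are all hypothetical choices made for illustration; a real SAST engine tracks data flow from inputs to sinks rather than matching call names.

```python
"""Minimal source-level scanner: parses Python without running or building it,
flags a few well-known dangerous call sites, and suppresses obvious non-issues."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical rule set: call name -> why a reviewer should look at it.
RISKY_CALLS = {
    "eval": "dynamic code execution via eval()",
    "exec": "dynamic code execution via exec()",
    "pickle.loads": "deserialization of untrusted bytes",
    "yaml.load": "unsafe YAML load (prefer yaml.safe_load or Loader=SafeLoader)",
}


@dataclass
class Finding:
    line: int
    call: str
    message: str


def _call_name(node: ast.Call) -> Optional[str]:
    """Return 'name' or 'module.name' for a call expression, else None."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def _has_safe_loader(node: ast.Call) -> bool:
    """True if yaml.load(...) was called with Loader=SafeLoader (or yaml.SafeLoader)."""
    for kw in node.keywords:
        if kw.arg == "Loader":
            v = kw.value
            if isinstance(v, ast.Attribute) and v.attr == "SafeLoader":
                return True
            if isinstance(v, ast.Name) and v.id == "SafeLoader":
                return True
    return False


def scan_source(src: str, filename: str = "<constructed>") -> List[Finding]:
    """Scan one file's text. No imports are executed and nothing is compiled
    beyond parsing, so this can run on a checkout, a branch, or a single diff."""
    tree = ast.parse(src, filename)
    findings: List[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name not in RISKY_CALLS:
            continue
        # False-positive suppression 1: eval/exec on a string literal has no
        # attacker-controlled input, so it is noise for a risk benchmark.
        if name in ("eval", "exec") and node.args and isinstance(node.args[0], ast.Constant):
            continue
        # False-positive suppression 2: yaml.load with the safe loader is fine.
        if name == "yaml.load" and _has_safe_loader(node):
            continue
        findings.append(Finding(node.lineno, name, RISKY_CALLS[name]))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input; line numbers start at 2 because of the leading newline.
SAMPLE = '''
import pickle, yaml
def handler(request):
    data = pickle.loads(request.body)
    cfg = yaml.load(request.text)
    safe = yaml.load(request.text, Loader=yaml.SafeLoader)
    return eval("1 + 1")
'''


if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.line}: {f.call}: {f.message}")
```

Running it on `SAMPLE` reports only the `pickle.loads` call on line 4 and the unguarded `yaml.load` on line 5; the `SafeLoader` call and the literal `eval` are suppressed, which is the kind of tuning that keeps a finding count meaningful as a benchmark rather than a pile of noise.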
Remember, said Siman, “the best defense is a strong offense.”