Syllabus Point
- Apply and evaluate strategies used by software developers to manage the security of programming code
Including:
- code review
- static application security testing (SAST)
- dynamic application security testing (DAST)
- vulnerability assessment
- penetration testing
Developers must employ multiple security management strategies including peer code review, automated testing tools, and professional security assessments to identify and remediate vulnerabilities before they become exploitable threats.
Code reviews
A code review is a process in which another developer systematically examines code to identify bugs, improve its quality, or ensure it meets secure coding standards.
Clear guidelines
Guidelines should define the project's coding standards, security requirements, and specific rules for handling sensitive information. This makes things more consistent and helps team members know what to focus on during the review.
Focusing on key areas
- Input validation
- Authentication and authorisation
- Error handling
- Encryption
Automated code review tools
These help to identify issues that are hard to find in a manual review, such as buffer overflows, uninitialised variables, or memory leaks.
Static application security testing (SAST)
A type of testing that analyses source code to find security vulnerabilities by scanning it before it is compiled.
- Detects issues like SQL injection vulnerabilities, unvalidated inputs, and improper use of cryptographic functions
- Type of white-box testing
Example: Bandit
Bandit is a SAST tool for Python that automatically scans the codebase for potential security issues like weak encryption or improper input handling.
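As an added illustration (not code from the syllabus or from the Bandit project) of the SAST section above and of the "input validation" item in the code review checklist, the snippet below places a query built by string formatting, which Bandit reports as B608, next to the parameterised form. The user table and the in-memory sqlite3 database are constructed sample data.

```python
"""Added example: the kind of defect a SAST tool such as Bandit flags.

Bandit's B608 check reports SQL statements assembled by string formatting.
The vulnerable and hardened lookups below are constructed for this page;
the in-memory sqlite3 database holds sample data only.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: two users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_role_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Query text is built from untrusted input: Bandit reports this as
    # B608 (hardcoded_sql_expressions). A crafted name changes the query.
    query = f"SELECT role FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_role_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the driver binds the value, so the input can
    # never be parsed as SQL. This is what a reviewer checking the
    # "input validation" item wants to see.
    query = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    # Normal input behaves identically in both versions.
    print(lookup_role_vulnerable(db, "bob"), lookup_role_safe(db, "bob"))
    # Malformed input: the vulnerable version returns every role; the safe
    # version simply finds no user with that literal name.
    odd = "x' OR '1'='1"
    print(lookup_role_vulnerable(db, odd), lookup_role_safe(db, odd))
```

Running a current Bandit release over this file reports the formatted query in lookup_role_vulnerable, while the parameterised query in lookup_role_safe is not flagged.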
Dynamic application security testing (DAST)
A type of testing that simulates attacks from an external perspective, and tests the application when it is running to find vulnerabilities.
- Type of black-box testing
- DAST tools can identify vulnerabilities like cross-site scripting, SQL injection, and weak session management by interacting with the system as an attacker would
Example: OWASP ZAP
OWASP ZAP is a tool that automatically probes the web application for vulnerabilities.
Vulnerability assessment
A systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels, and recommends remediation or mitigation.
Threats prevented by vulnerability assessments
- SQL injection, XSS, and other code injection attacks
- Escalation of privileges due to faulty authentication mechanisms
- Insecure defaults and settings, like guessable admin passwords
Types of vulnerability assessments
- Host assessment - reviewing critical servers
- Network and wireless assessment - assessing policies and practices to prevent unauthorised access to private or public networks, and network-accessible resources
- Database assessment - looking at databases or big data systems for vulnerabilities and misconfigurations
- Application scans - automated scans of the application front end, along with SAST of the source code or DAST of the running application
Penetration testing
A security exercise where a cybersecurity expert attempts to find and exploit vulnerabilities in a computer system. It involves ethical hackers staging planned attacks against an infrastructure to identify vulnerabilities which attackers could take advantage of.
Methods
Methods used in testing (mimicking real-world scenarios) include:
- Brute-force attacks, SQL injections, XSS, and exploiting misconfigured services
Secure architecture is designed with protective layers (defence-in-depth) to mitigate the damage.
Types of Pen Tests
- Applications - Mobile, Web, Web Service/API, Thick Client
- Networks - External, Internal, SOE, Mobile Devices, Wireless
- Physical Security & Social Engineering
- Red Teaming - encompasses any or all of the above