A Case Study - Selecting a Code Review Approach

13 Pages. Posted: 29 Nov 2008. Last revised: 5 Dec 2008

Date Written: November 28, 2008

Abstract

This case study from company ABC analyzes and identifies an approach to developing and maintaining secure systems and applications, including selecting suitable static-analysis code scanning tools for application development. ABC is planning an enterprise data protection approach that protects data across the information life cycle. ABC acknowledges that secure development will take a long time to implement, partly because manual code reviews are expensive and time-consuming. ABC is selecting a solution that includes code reviews and scanning of internal, non-web application code. ABC has also identified a long-term project that will include penetration testing as well as scanning and review of the web application code base. This article is based on a project case study in protecting enterprise applications that are not web related. In extending code reviews to the non-web applications, we also briefly discuss other types of protections. An effective code-scanning tool would definitely be useful in ABC's development. As a security-oriented organization, ABC considers it very important to minimize the number of bugs. The use of code scanning tools is also mandated by Microsoft's SDL. Whatever tool or tool configuration is selected, it must be accompanied by manual code reviews, appropriate testing (including fuzz testing), coding standards that are actually followed, and proper education.

Keywords: Database Security, Encryption, Privacy, VISA CISP, PCI, GLBA, HIPAA, SOX, SB1386

JEL Classification: O31

Suggested Citation

Mattsson, Ulf T., A Case Study - Selecting a Code Review Approach (November 28, 2008). Available at SSRN: https://ssrn.com/abstract=1308728 or http://dx.doi.org/10.2139/ssrn.1308728

Ulf T. Mattsson (Contact Author)

Protegrity Corp.

One Cantebury Green
Stamford, CT 06901
United States

HOME PAGE: http://www.ulfmattsson.com
