In this chapter, we will discuss white-box testing techniques for secure code review. For an in-house software development team, it is a challenge to review all of the source code for every software release. This is not only because of the pressure of release cycles, but also because it is impractical to expect every developer to be familiar with the secure coding best practices of every programming language in use, such as Java, C/C++, and Python. Therefore, we will demonstrate how to build your own automated secure coding platform from open source solutions, so that the review runs for every release.
This chapter will cover the following topics:
- Case study—automating a secure code review
- Secure coding best practices and methodology
- Vulnerable code patterns for every programming language
- Automating secure code scanning tools with Jenkins (using C/C++, Java, Python...