Basics of Source Code Review
Introduction
Source code review plays a vital role in securing a system or application at an early stage. In a code review, security experts who know both programming and cybersecurity examine the code in order to find vulnerabilities in the source.
It can be manual or automated, depending on the organization and its approach. The main aim is to identify vulnerabilities in the source code in the initial stages of the SDLC. Experts look for logic flaws, input validation issues, and many more categories as listed in the OWASP Top 10. Let's discuss in detail how the audit is done and which issues are most often flagged by the review team.
Note: Basic knowledge of programming is necessary. Here I am explaining source code review based on PHP.
Input Validation?
Structured Query Language Injection / SQLI:
This is the most severe issue in web applications: unsanitized user input is passed directly into SQL queries, which allows an attacker to execute arbitrary SQL queries against the database. It can lead to full…
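As an added example (not code from the original post), here is the pattern a reviewer flags in PHP, beside the prepared-statement form that fixes it. It uses PDO with an in-memory SQLite database so it runs stand-alone; the users table, its rows, and the test input are constructed for the example.

```php
<?php
// Added example, not from the original post. Assumes PDO with the
// pdo_sqlite driver; the table, rows and test input below are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)");
$db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// VULNERABLE: the input is concatenated straight into the query string.
// In a review, look for $_GET / $_POST / $_REQUEST / $_COOKIE values that
// reach query(), exec(), mysqli_query() or mysql_query() with no parameter
// binding in between; that data flow is the finding.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username, role FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the SQL text is fixed at prepare time and the input is bound as a
// value, so it can only ever be compared against the column, never change
// the structure of the statement.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT id, username, role FROM users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test value: a string containing a quote and a tautology,
// which a reviewer uses to confirm the finding in a test environment.
$input = "x' OR '1'='1";

$rows = findUserVulnerable($db, $input);
echo "vulnerable query returned " . count($rows) . " row(s)\n";

$rows = findUserSafe($db, $input);
echo "prepared query returned " . count($rows) . " row(s)\n";
```

With the test value, the concatenated query's WHERE clause becomes `username = 'x' OR '1'='1'`, which is true for every row, so the vulnerable function returns both users; the prepared statement compares the column against the literal string and returns nothing. The review recommendation is the second form: prepared statements with bound parameters, applied at every point where request data reaches a query.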