Making Source Code Analysis Part of the Security Review Process, presented at AusCERT 2007

by Roger Thornton

Summary: How do you know if your software applications are secure? Manual audits cover only a small percentage of the source code base, and periodic checks provide only a snapshot in time. Source code analysis allows development organisations to manage software security by leveraging well-documented best practices that can be automated.
This presentation will provide an overview of how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. Real-life examples from actual engagements will be used to show you how source code analysis can benefit you and your organisation.