Security code review from DSOMM framework | SAMMY

Home
Browse frameworks
Contact us
SAMMY premium

Login

SAMMY UI is optimized for resolutions with a width 1024px and higher.

DSOMM

Browse DSOMM

Build and Deployment
Culture and Organization
Implementation
Information Gathering
- Logging
- Monitoring
Test and Verification

O-EG-1-1: Ad-Hoc Security trainings for software developers

O-EG-1-2: Security consulting on request

O-EG-2-1: Each team has a security champion

O-EG-2-2: Regular security training for all

O-EG-2-3: Regular security training of security champions

O-EG-2-4: Reward of good communication

O-EG-2-5: Security code review

O-EG-3-1: Conduction of build-it, break-it, fix-it contests

O-EG-3-2: Security Coaching

O-EG-3-3: Security-Lessoned-Learned

O-EG-3-4: Simple mob hacking

O-EG-4-1: Aligning security in teams

O-EG-4-2: Conduction of collaborative team security checks

O-EG-4-3: Conduction of war games

O-EG-4-4: Regular security training for externals

O-EG-5-1: Conduction of collaborative security checks with developers and system administrators

Security code review

O-EG-2-5: Security code review

The following areas of code tend to have a high-risk of containing security vulnerabilities: - Crypto implementations / usage - Parser, unparser - System configuration - Authentication, authorization - Session management - Request throttling - :unicorn: (self-developed code, only used in that one software)

Description

New vulnerabilities may be found before reaching production. - Old vulnerabilities are found and fixed.

Powered by Codific • Building a simple and safe digital future