Bishop Fox Secure Code Review Methodology
Overview of Bishop Fox’s methodology for Secure Code Review.
Bishop Fox’s Secure Code Review methodology identifies code-level vulnerabilities by combining automated and manual testing techniques.
Assessments begin with an architecture review: a detailed analysis of the application's underlying construction. Next, the assessment team analyzes the software composition to inventory the open-source components and flag potential issues. The team then performs static code analysis by running an automated review against all customer-developed codebases. Finally, the team manually validates the automated findings, confirming the automated results and identifying issues within critical functionality, including security-related components. The methodology outlined in this document provides a detailed look at the step-by-step process and the delineation of responsibilities.
The methodology provides an overview of the following Secure Code Review phases:
- Pre-assessment
- Comprehensive manual code review
- Analysis & Reporting