Why do we Perform Secure Code Reviews

Why do we use secure code reviews, instead of just a generic code review?

Often when writing code, the focus is not on security, it can be on a host of other things . The primary focus is typically simply to complete the feature. Then there's test-ability, maintainability, efficiency, readability...all sorts!

We’re all human, the code we write will have errors in it, no matter how good we are. This is the reason we normally do code reviews and it's no different when we think about secure code reviews, but here we're being very focused on security.

It's hard to spot our own problems, but it can still be very useful to perform a pre-secure code review of our own work. Even doing this, I personally still find that having someone else perform the review reveals things I hadn't thought of, simply because I’m too close to the code I’ve written.

Got a comment or correction (I’m not perfect) for this post? Please leave a comment below.

My Pluralsight Courses: (Get a free Pluaralsight trial)

API Security with the OWASP API Security Top 10

OWASP Top 10: What's New

API Security with the OWASP API Security Top 10

Secure Coding in ASP.NET Core

Secure Coding: Broken Access Control

Python Secure Coding Playbook

You've successfully subscribed to Gavin Johnson-Lynn!