/ Agile

Why do we Perform Secure Code Reviews

Often when writing code, the focus is not on security, it can be on a host of other things . The primary focus is typically simply to complete the feature. Then there's test-ability, maintainability, efficiency, readability...all sorts!

We’re all human, the code we write will have errors in it, no matter how good we are. This is the reason we normally do code reviews and it's no different when we think about secure code reviews, but here we're being very focused on security.

It's hard to spot our own problems, but it can still be very useful to perform a pre-secure code review of our own work. Even doing this, I personally still find that having someone else perform the review reveals things I hadn't thought of, simply because I’m too close to the code I’ve written.


Got a comment or correction (I’m not perfect) for this post? Please leave a comment below.
Gavin Johnson-Lynn

Gavin Johnson-Lynn

Offensive (but polite) security specialist, experienced software development professional in a former life. Focusing on web application security. Pluralsight author #CSSLP #QSTM

Read More
Why do we Perform Secure Code Reviews
Share this