
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh, John McDonald, Mark Dowd


Chapter 2. Design Review

“Sure. Each one of us is wearing an unlicensed nuclear accelerator on our back. No problem.”

Bill Murray as Dr. Peter Venkman, Ghostbusters (1984)

Introduction

Computer security people tend to fall into one of two camps on design review. People from a formal development background are usually receptive to the design review process. This is only natural, as it maps closely to most formal software development methodologies. The design review process can also seem to be less trouble than reviewing a large application code base manually.

In the other camp are code auditors who delight in finding the most obscure and complex vulnerabilities. This crowd tends to look at design review as an ivory-tower construct that just gets ...
