Tuesday, June 15, 2010

Phase 3: The Static Analysis

• Coder - Manual code check of the list (here you decide which of the automated tool's findings actually need to be fixed).
(Zero-warnings effect: fix the 100/213 low-severity one-line code bugs as well, because the cost of fixing them is very low and the benefit of having no warnings is high. Coders do this with compiler warnings all the time; it makes for better code management. So here you're fixing both the high-impact findings and the low ones.)
Ask your coder "Do you understand what SQLi is?" Coder managers need to fix that in their coders. Can't assume that it's obvious to everyone.
• Unit test in isolation (this works if there are units. How do you unit test if you have no units?)
• Coder - Remediate the security holes in the code.
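As an added example (not part of the original post), here is what the last three bullets look like in practice for the SQLi case the notes mention: a string-concatenated query of the kind a static-analysis scan flags, the remediated parameterized version beside it, and a unit test that runs each in isolation against a throwaway in-memory SQLite database. The table, the sample row and the function names are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed fixture: a fresh in-memory database with one users row.

    Nothing here touches a real database, so the test runs in isolation.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """'Before' version: the statement is built by string concatenation.

    This is the pattern a static-analysis tool reports (untrusted input
    reaching a query as code). Kept as-is to show the defect the test catches.
    """
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn, username, password):
    """Remediated version: placeholders keep user input as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def check_login_isolated(login_fn):
    """Unit test in isolation for a login function.

    Each run gets its own in-memory database, so there is no shared state
    between tests. Returns True only if every case behaves as expected,
    including the textbook injection string, which a correct implementation
    must treat as an ordinary (wrong) password.
    """
    conn = make_db()
    cases = [
        (("alice", "correct-horse"), True),   # valid credentials
        (("alice", "wrong"), False),          # wrong password
        (("bob", "correct-horse"), False),    # unknown user
        (("alice", "' OR '1'='1"), False),    # injection string must be rejected
    ]
    try:
        return all(login_fn(conn, *args) == expected for args, expected in cases)
    except sqlite3.Error:
        # A syntax error from a mangled query is also a failed test, not a pass.
        return False
    finally:
        conn.close()


if __name__ == "__main__":
    print("concatenated query passes:", check_login_isolated(login_concat))
    print("parameterized query passes:", check_login_isolated(login_param))
```

Run against the concatenated version the check fails, because the injection string turns the WHERE clause into one that is always true; the parameterized version passes all four cases. That is the whole point of the "unit test in isolation" step: the same small test that proves the remediation also documents why the finding was high impact.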
