5 answers
Dariehl
Student
7
Questions
Asked
545 views
What are some important information do you have to analyze when checking codes?
#engineering #technology #seeing how to analyze the checking codes of engineering
Login to comment
5 answers
Ahmad Kaddoura
Information Security Manager
2
Answers
Beirut, Beirut Governorate, Lebanon
Updated
Ahmad’s Answer
Code validation is an important part of systems development and should be integrated all throughout the development life cycle.
To obtain reasonable assurance over your code development process, it is best to first have a Quality Control framework in place that defines the different, requirements for writing secure code, test types required, tools to be used for testing (e.g., code analysis tools), etc.
At the least, the following best-practice recommendations for code validations should be adopted:
- Your code should be easily readable (your code should be understandable by others)
- Your code should be easily maintainable, reusable and scalable
- Your code should be securely developed (no use of hard-coded secrets, no use of vulnerable libraries, etc.)
- Your code should be optimised for performance
- Your code should be well documented
- Your code should undergo a standard quality review process (e.g. unit testing, integration testing, regression testing, etc.)
I advise you to look into DevSecOps and the OWASP code review guide as they are a good way to start familiarising yourself with best-practice methods for code validations and efficiently integrating security within development.
To obtain reasonable assurance over your code development process, it is best to first have a Quality Control framework in place that defines the different, requirements for writing secure code, test types required, tools to be used for testing (e.g., code analysis tools), etc.
At the least, the following best-practice recommendations for code validations should be adopted:
- Your code should be easily readable (your code should be understandable by others)
- Your code should be easily maintainable, reusable and scalable
- Your code should be securely developed (no use of hard-coded secrets, no use of vulnerable libraries, etc.)
- Your code should be optimised for performance
- Your code should be well documented
- Your code should undergo a standard quality review process (e.g. unit testing, integration testing, regression testing, etc.)
I advise you to look into DevSecOps and the OWASP code review guide as they are a good way to start familiarising yourself with best-practice methods for code validations and efficiently integrating security within development.
Suraj Shirolikar
3
Answers
Updated
Suraj’s Answer
I would have few suggestions with respect to code writing techniques, useful handy checklist to adhere to. This is important as we have been watching lot many Vulnerabilities while writing code
1. Have right Code Review Checklist before code submit/commit, this includes Unit test performed
2. Code format for right exceptions, a simple example could be right alignments
3. Architecture : code sync / design / flow should be as precise as possible
4. Best practices : Avoid multiple if/else, Do not over write comments, use rigth framework
5. Future forecasted code : Maintainability , Readability, Testability, Debuggability, Configurability
6. Important documentation for code : Reusability, Reliability, Extensibility (add enhancement), Security, Performance, Scalability and Usability
Finally also include static code analyzers at the end of code commit, this will negate security flaw if exist
Example: Coverity, Findbugs, Fortify
1. Have right Code Review Checklist before code submit/commit, this includes Unit test performed
2. Code format for right exceptions, a simple example could be right alignments
3. Architecture : code sync / design / flow should be as precise as possible
4. Best practices : Avoid multiple if/else, Do not over write comments, use rigth framework
5. Future forecasted code : Maintainability , Readability, Testability, Debuggability, Configurability
6. Important documentation for code : Reusability, Reliability, Extensibility (add enhancement), Security, Performance, Scalability and Usability
Finally also include static code analyzers at the end of code commit, this will negate security flaw if exist
Example: Coverity, Findbugs, Fortify
Mickael Rosenberg
Software Engineer
265
Answers
Bellevue, Washington
Updated
Mickael’s Answer
I am going to agree with the two other persons. When you check code, you want to make sure that:
- it follows the develop guidelines of your company / business
- it is readable
- it is understandable
- the feature seems to be thoroughly implemented
- everything has been verified and tested
Basically, you want to make sure the developer followed the practice given by the company and/or best practice in general. Since you may be called to maintain this code, you want to make sure you understand the code well enough that in a year or plus, you are able to update it for new features or fix it if defects happen.
In some complex systems, or when developer needs to go fast, it can be easy to forgot steps, especially in tests. Your review makes sure that things haven't been overlooked.
- it follows the develop guidelines of your company / business
- it is readable
- it is understandable
- the feature seems to be thoroughly implemented
- everything has been verified and tested
Basically, you want to make sure the developer followed the practice given by the company and/or best practice in general. Since you may be called to maintain this code, you want to make sure you understand the code well enough that in a year or plus, you are able to update it for new features or fix it if defects happen.
In some complex systems, or when developer needs to go fast, it can be easy to forgot steps, especially in tests. Your review makes sure that things haven't been overlooked.
Sharmila Ramamoorthy
Software Engineer
2
Answers
Westborough, Massachusetts
Updated
Sharmila’s Answer
Code review is important for quality software. Peer review should give useful feedback to improve the code. Areas to consider while reviewing:
- The fundamental logic to accomplish the functionality
- Well structured and readable
- Best practices
- Code testing criteria - meets standards set by the team or your organization
- Documentation
- The fundamental logic to accomplish the functionality
- Well structured and readable
- Best practices
- Code testing criteria - meets standards set by the team or your organization
- Documentation
Michael Linane
Engineering Program Manager
2
Answers
Round Rock, Texas
Updated
Michael’s Answer
Open source licensing reviews are extremely important.