Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings
How do you streamline the capture of security flaws during a security code review? How do you save time, avoid switching between tools, and stay focused on the code?
In this post I will show a simple technique for capturing security flaws with Bookmarks in Visual Studio: one bookmark folder per security frame category, one bookmark per finding.
Create bookmark folders. Hit Ctrl + K, Ctrl + W to bring up the Bookmarks window. Create one folder per security frame category (ten in all, Authentication being one of them), so every finding has an obvious home before you start reading code.
Focus on one category. Grab the security checklist document you created with Guidance Explorer. Choose one category from the security frame, Authentication for example, and inspect the code manually against that part of the checklist. Ignore everything else you notice on the way; only Authentication issues count on this pass. One category at a time.
Bookmark security bugs. Once you find a security bug, hit Ctrl + K, Ctrl + K. That toggles a bookmark on the current line. Rename the bookmark in the Bookmarks window to a one-line description of the flaw (a bare bookmark records only a location, and a week later you will not remember why it is there), then drag it into the appropriate category folder. Move on. Note that bookmarks live in the solution's per-user .suo file, so they are yours alone and disappear if that file is deleted; copy them out to the report before you clean the working tree. When you finish the inspection with your checklist you should have a bookmark tree with one folder per category and one named bookmark per finding.
Copy to the report in one run. Walk the bookmark tree folder by folder and paste each bookmark (file, line, description) into the matching section of your final report. One run. Mechanical work. Done. Peace of mind.
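The last step is mechanical, so it can be scripted. The block below is an added example, not code from the original post: it assumes you have copied the bookmark names out of the Bookmarks window into a plain text list of the form `Category | path(line) | description` (the format, the file paths, and the findings are all constructed for this example), groups the entries by security frame category, and renders the report section for each category.

```python
"""Turn a delimited list of bookmarked findings into a per-category review report.

Added example. Input format (constructed, not a Visual Studio export format):
    Category | relative/path.cs(line) | one-line description of the flaw
"""
import re
from collections import OrderedDict

# Constructed sample input: four bookmarks, three categories, deliberately
# out of order so the grouping and sorting actually do something.
SAMPLE_FINDINGS = """\
Authentication | Web/Login.aspx.cs(42) | password compared with == against plaintext value from config
Input Validation | Web/Search.aspx.cs(17) | query string concatenated straight into SQL text
Authentication | Web/Login.aspx.cs(88) | failed-login counter never reset, lockout can be bypassed
Session Management | Web/Global.asax.cs(31) | session id not regenerated after successful login
"""

# category | path(line) | description   (whitespace around the separators is ignored)
LINE_RE = re.compile(
    r"^\s*(?P<category>[^|]+?)\s*\|\s*(?P<path>[^|(]+?)\((?P<line>\d+)\)\s*\|\s*(?P<note>.+?)\s*$"
)


def parse_findings(text):
    """Parse the delimited list into dicts; a malformed line is an error, not silently dropped."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue  # blank lines are allowed between entries
        match = LINE_RE.match(raw)
        if match is None:
            raise ValueError(f"line {lineno}: cannot parse finding {raw!r}")
        findings.append({
            "category": match.group("category"),
            "path": match.group("path"),
            "line": int(match.group("line")),
            "note": match.group("note"),
        })
    return findings


def group_by_category(findings):
    """Group findings by category, keeping first-seen category order and sorting by file/line inside each."""
    grouped = OrderedDict()
    for finding in findings:
        grouped.setdefault(finding["category"], []).append(finding)
    for items in grouped.values():
        items.sort(key=lambda f: (f["path"], f["line"]))
    return grouped


def render_report(findings):
    """Render one report section per category, one bullet per finding."""
    out = []
    for category, items in group_by_category(findings).items():
        out.append(f"## {category} ({len(items)} finding{'s' if len(items) != 1 else ''})")
        for f in items:
            out.append(f"- {f['path']}:{f['line']}: {f['note']}")
        out.append("")
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(render_report(parse_findings(SAMPLE_FINDINGS)), end="")
```

Keeping the category order as first seen mirrors the bookmark folders: if you inspected Authentication first, it is the first section in the report. A line that does not match the expected shape raises rather than being skipped, since a finding silently dropped from a report is worse than a script that stops.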
My related posts
- Visual Studio 2005 As General Code Search Tool
- Security Code Inspection - Eternal Search For SQL Injection
- Security .Net Code Inspection Using Outlook 2007
- Code Inspection - First Look For What To Look For
- ASP.NET 2.0 Internet Security Reference Implementation - Have It Handy
Comments
- Anonymous, February 15, 2008:
Very useful! I have started to use this method.
- Anonymous, February 15, 2008:
Varun, great to hear you found it useful!
- Anonymous, March 17, 2008:
Want to quickly check your ASP.NET Web application for Cross Site Scripting (XSS) vulnerability? It