A smart way to identify defects and anomalies at early stages of the test life cycle
Code quality analysis discovers hidden vulnerabilities, coding-standard violations and design flaws, and verifies that key security controls are implemented. SmartQE uses a combination of scanning tools (Istanbul, PEP8, PEP20, Pyflakes and SonarQube) and manual review to identify missing standards and to detect insecure coding practices, backdoors, injection flaws, cross-site scripting flaws, insecure handling of external resources and weak cryptography.
Code Quality Validation Process
The first step of a code review is a thorough study of the application, followed by the creation of comprehensive coding standards and threat profiles.
Study the code layout to develop a specific code review plan, using a hybrid approach in which automated scan results are verified and a custom manual review is performed.
Verify the flaws found against the coding standards and the security code review, and generate reports that provide solutions.
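The hybrid approach described above pairs an automated scan with a manual review of what the scan reports. The example below is added here to show what the automated half of that process looks like in practice; it is not SmartQE's tooling or any of the scanners named on this page. It is a small AST-based Python checker with two hypothetical rule identifiers (SQL-001 for queries assembled by string formatting, CRYPTO-001 for hashlib.md5/sha1), run over a constructed sample module that contains one injection-prone query, one parameterised query and one weak hash call. A reviewer would then confirm each finding by hand, which is the step an automated scan cannot replace.

```python
import ast

# Constructed sample input: an intentionally insecure snippet used only as
# scanner input. Line numbers in findings refer to this string (line 1 is blank).
SAMPLE_SOURCE = '''
import hashlib
import sqlite3

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)   # injection-prone
    return cur.fetchone()

def find_user_safe(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))     # parameterised
    return cur.fetchone()

def fingerprint(data):
    return hashlib.md5(data).hexdigest()                           # weak hash
'''

# Hash functions flagged as weak cryptography by the (hypothetical) CRYPTO-001 rule.
WEAK_HASHES = {"md5", "sha1"}


def _is_dynamic_string(node):
    """True when the AST node builds a string at run time from other values."""
    if isinstance(node, ast.JoinedStr):                       # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True                                           # "..." % x  or  "..." + x
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"                     # "...".format(x)
    return False


class InsecurePatternVisitor(ast.NodeVisitor):
    """Walks every call expression and records matches for the two rules."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute):
            # SQL-001: query text assembled dynamically and handed to execute()
            if func.attr in ("execute", "executemany") and node.args \
                    and _is_dynamic_string(node.args[0]):
                self.findings.append(
                    (node.lineno, "SQL-001", "SQL query built by string formatting"))
            # CRYPTO-001: hashlib.md5(...) / hashlib.sha1(...)
            if func.attr in WEAK_HASHES and isinstance(func.value, ast.Name) \
                    and func.value.id == "hashlib":
                self.findings.append(
                    (node.lineno, "CRYPTO-001", f"weak hash function hashlib.{func.attr}"))
        self.generic_visit(node)  # keep descending into nested calls


def scan_source(source):
    """Return (line, rule, message) findings for a Python module, sorted by line."""
    visitor = InsecurePatternVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


def report(source):
    """Render findings as one line each, ready for a manual-review checklist."""
    return "\n".join(f"line {lineno}: [{rule}] {msg}"
                     for lineno, rule, msg in scan_source(source))


if __name__ == "__main__":
    print(report(SAMPLE_SOURCE))
```

Running the block prints the two findings (lines 7 and 16 of the sample) and stays silent on the parameterised query on line 12, which is the distinction a reviewer verifies when triaging the scan output.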
Unit Testing & Code Quality Implementation Approach
The vendor shall set up the unit test and code quality framework and drive its institutionalization across client development teams through training and mentoring. Automated audits and a dashboard shall be used for compliance monitoring and governance.
Recommended reference architecture for the unit testing and code quality framework on the client 2.0 technology stack: different test runners (e.g. TestNG, PHPUnit) are integrated with Jenkins to execute unit tests from different technologies, and policies are defined to enforce compliance with quality standards.
Code Quality Advantages
Easily detect flaws through code analysis, with no need to send test data to the application, since access to the entire code base is available.
Evaluate the entire code layout of the application, including areas that would not be analyzed in an application security test, such as entry points for different inputs, internal interfaces and integrations, data handling and validation logic, and the use of external APIs and frameworks.
Overcome Testing limitations
Uncover vulnerabilities and attack surfaces that automated code scans miss by using security code reviews to detect weak algorithms, identify design flaws, find insecure configurations and spot insecure coding practices.
Produce security code review reports that include an executive summary listing strengths and weaknesses, and detailed findings with precise code-based solutions and fixes.
Secure sensitive data storage and suggest precise solutions customized for your developers, with code-level suggestions that include more exhaustive checks to find all instances of common vulnerabilities.