Cybersecurity Code Review Discussion Questions

About These Questions

When a code review is requested by emailing securitysupport@illinois.edu, the Cybersecurity team will typically start by discussing these questions with lead and senior software developers who contributed to the code.

These questions are inspired by the Open Web Application Security Project (OWASP) Top Ten Web Application Security Risks. The list is revised every few years from vulnerability data aggregated across many organizations and applications, and it is widely accepted as an authoritative summary of the most common security risks in custom application code.

Code Security Review Example Questions by OWASP Top Ten Category

The categories below follow the 2017 edition of the OWASP Top Ten:

A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A4 XML External Entities (XXE)
A5 Broken Access Control
A6 Security Misconfiguration
A7 Cross-Site Scripting (XSS)
A8 Insecure Deserialization
A9 Using Components with Known Vulnerabilities
A10 Insufficient Logging & Monitoring

Security events include: