Summary
Imagine you are given the source code for a Java web application with about a million lines and were asked to review the code for any vulnerabilities and report back in a week. This can turn into an interesting exercise if you are a team of one. What are your options: crowdsource, ask for mercy, do your best? Thankfully there are other options, such as automated code review software. In this post I'll talk about Checkmarx's cloud-based solution that does security code analysis and use OWASP's WebGoat (v5.4) project to see how it measures up.