Code Review

Overview

The goal of this activity is to perform a code review on example source code.

Activity

  1. Form groups of 3-5 students.
  2. Examine the Controller.java and DAO.java files for vulnerabilities. Document your findings in the code inspection document.
  3. The class will have a discussion based on the findings of each team and will share the vulnerabilities found and their possible implications.

Code Inspection Assessment

The purpose of this activity is to do a brief security assessment of your system at the code level. Your goal is to find potential security concerns in your product. Your code inspection document must include:

Remember, this is about finding problems, not necessarily fixing them. We might discuss fixing, but code inspection meetings are about getting an overall assessment for a developer to fix offline.

A few notes:

Submission & Grading

This is not a graded assignment - only participation is required. Be ready to give answers to the class for the discussion.