A Study of The Effectiveness of Code Review in Detecting Security Vulnerabilities
G.H.N Anuththara1, S.S.U Senadheera2, S.M.T.V Samarasekara3, K.M.G.T Herath4, D. I. De Silva5, M. V. N. Godapitiya6

1G.H.N Anuththara, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
2S.S.U Senadheera, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
3S.M.T.V Samarasekara, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
4K.M.G.T Herath, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
5M. V. N. Godapitiya, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
6Dr. D. I. De Silva, Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka.
Manuscript received on 08 May 2023 | Revised Manuscript received on 23 May 2023 | Manuscript Accepted on 15 July 2023 | Manuscript published on 30 July 2023 | PP: 11-19 | Volume-12 Issue-2, July 2023 | Retrieval Number: 100.1/ijrte.B76710712223 | DOI: 10.35940/ijrte.B7671.0712223

© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Software vulnerabilities pose a severe threat to the security and privacy of computer systems and the people who use them. For software systems to remain reliable and available, vulnerabilities must be found and fixed before they can be exploited. Two widely used methods for finding weaknesses in software systems are code review and penetration testing, but there is no broad agreement on which is the better method for identifying vulnerabilities. This study reviews in detail the usefulness of code reviews and penetration tests for locating vulnerabilities. We evaluate a body of empirical research and contrast the strengths and weaknesses of each method. Our findings show that both code reviews and penetration tests are useful for uncovering vulnerabilities, although their effectiveness varies with the kind of vulnerability, the complexity of the code, and the experience of the testers or reviewers. We also found that combining penetration testing with code review may be more effective than using either approach alone. These results may help software engineers, security professionals, and researchers choose and apply the right approach for locating weaknesses in software systems.
Keywords: Software Vulnerabilities, Code Review, Penetration Testing, Effectiveness, Empirical Studies, Strengths and Weaknesses, Combined Strategy, Software Development, Security Professionals, Recommendations.
Scope of the Article: Software Engineering Methodologies