Episode 90: Code Review and Static/Dynamic Testing

Code is a frequent source of vulnerabilities, and reviewing it is essential for secure software development. In this episode, we discuss secure code review techniques—both manual and tool-assisted. We explain how static application security testing (SAST) scans source code before runtime, while dynamic application security testing (DAST) analyzes behavior during execution. You’ll also learn about interactive testing, false positives, secure development lifecycles, and DevSecOps integration. CISSPs don’t have to write code, but they do need to understand how to validate its security and guide development practices.