
Chapter 6 DXP Security

[Figure 6-3. DXP security testing framework. Diagram labels: Secure Code Scanning, Secure Coding Guidelines, Automated/Manual Code Review, General Web Security Testing, Vulnerability Testing, Penetration Testing, Application Specific Security Analysis, Requirement Threat Analysis, Security Test Case Analysis, Preparation]

Figure 6-3. DXP security testing framework

The main stages of DXP security testing are as follows:

Secure Code Scanning

In this stage the development team uses secure coding guidelines and standards to develop the DXP application. Security guidelines, coding standards, and white-box security tools are used in this stage. Automated security code scanners and manual code reviews can be used to check for known security issues. The common security issues that can be uncovered through security code review are as follows:

• Use of passwords in plain text in code, in configuration files, or in the database
• Use of user input directly in SQL or LDAP queries, leading to injection attacks
• Absence of validation of user input, including cookie values, URL parameters, and form field values
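The following Python example is added here and is not code from the book: it puts the first two review findings into working form, with a small scanner that flags a plaintext credential in a constructed property file, and a user lookup that concatenates a request parameter into SQL beside its validated, parameterized replacement. The property file, the in-memory user table, and both regular expressions are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample property file of the kind a code review would inspect.
SAMPLE_CONFIG = """\
jdbc.url=jdbc:postgresql://db-host/dxp
jdbc.password=Summer2019!
ldap.bind.secret=${LDAP_BIND_SECRET}
"""

# Constructed rule: a credential-looking key assigned a literal value.
SECRET_RE = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|secret)[\w.-]*)\s*[=:]\s*(\S+)", re.I)

def find_plaintext_secrets(config_text):
    """Return (line number, key) for credential keys holding a literal value.
    Placeholders such as ${LDAP_BIND_SECRET} are resolved from a secret
    store at runtime, so they are not reported."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SECRET_RE.match(line)
        if m and not m.group(2).startswith("${"):
            findings.append((lineno, m.group(1)))
    return findings

def make_db():
    """Constructed in-memory user table standing in for the DXP user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "editor"), ("bob", "admin")])
    return conn

def lookup_unsafe(conn, username):
    # Review finding: the request parameter is concatenated straight into SQL,
    # so its content can change the query instead of only the compared value.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

def lookup_safe(conn, username):
    # Hardened form: reject anything outside the allowed character set, then
    # bind the value as a parameter so it can never alter the statement.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username parameter")
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))
```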

Building Digital Experience Platforms