Summary

In this chapter, we introduced how to build your own secure code inspection system with the SWAMP. The SWAMP allows developers to submit their source code or package for automatic secure code review, helping them identify critical security issues at the source-code level. The SWAMP provides cloud and on-premises versions. We demonstrated the steps for submitting a vulnerable Python project for a security review on the SWAMP.

As we continue to look at secure code review, there are key security issues that we will focus on, such as weak encryption algorithms, insecure protocols, hardcoded sensitive information, and risky APIs that may result in command injection or buffer overflow. The list of risky APIs can serve as a reference when implementing a secure code review tool. In this chapter's case study, we demonstrated the use of CRASS to scan for vulnerable Python APIs. Furthermore, we also introduced another general-purpose secure code inspection tool, VCG.

We discussed two security cases, the XXE and deserialization security issues. Once we are familiar with the security code patterns for identifying such issues, we can use code inspection tools, such as CRASS and VCG, to identify these vulnerabilities in the source code.
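The chapter describes using a risky-API list as the basis for a secure code review tool and applying it to command injection, weak hashing, hardcoded secrets, XXE and insecure deserialization. The following Python scanner is an added example, not code from the book, CRASS, VCG or the SWAMP: it walks the AST of a Python file, resolves import aliases to fully qualified names, and reports calls that match a reference list of risky APIs plus string assignments to secret-looking variable names. The `RISKY_CALLS` list is a constructed, representative subset (an assumption, not any tool's official list), and `SAMPLE` is a constructed vulnerable snippet used only as input.

```python
"""AST-based risky-API scanner for Python source (added example, not the book's code)."""
import ast
from dataclasses import dataclass

# Reference list of risky APIs: a constructed, representative subset (assumption),
# not the list used by CRASS, VCG or the SWAMP.
RISKY_CALLS = {
    "os.system": "command injection: shell command built at runtime",
    "os.popen": "command injection: shell command built at runtime",
    "subprocess.call": "command injection when invoked with shell=True",
    "subprocess.Popen": "command injection when invoked with shell=True",
    "eval": "arbitrary code execution",
    "exec": "arbitrary code execution",
    "pickle.loads": "insecure deserialization of untrusted data",
    "pickle.load": "insecure deserialization of untrusted data",
    "yaml.load": "insecure deserialization (prefer yaml.safe_load)",
    "lxml.etree.parse": "XXE: lxml resolves external entities by default",
    "lxml.etree.fromstring": "XXE: lxml resolves external entities by default",
    "hashlib.md5": "weak hash algorithm",
    "hashlib.sha1": "weak hash algorithm",
}

# Variable-name fragments that suggest hardcoded sensitive information.
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")


@dataclass
class Finding:
    line: int
    api: str
    reason: str


class RiskyApiScanner(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}    # local name -> fully qualified name from imports
        self.findings = []

    def visit_Import(self, node):
        # "import os" binds "os"; "import os.path as p" binds "p" -> "os.path"
        for alias in node.names:
            local = alias.asname or alias.name.split(".")[0]
            self.aliases[local] = alias.name if alias.asname else local
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        # "from subprocess import call as run" binds "run" -> "subprocess.call"
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
        self.generic_visit(node)

    def _qualname(self, node):
        """Resolve a Name or dotted Attribute chain to a qualified name, else None."""
        if isinstance(node, ast.Name):
            return self.aliases.get(node.id, node.id)
        if isinstance(node, ast.Attribute):
            base = self._qualname(node.value)
            return f"{base}.{node.attr}" if base else None
        return None

    @staticmethod
    def _shell_true(call):
        return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                   and kw.value.value is True for kw in call.keywords)

    def visit_Call(self, node):
        name = self._qualname(node.func)
        if name in RISKY_CALLS:
            # subprocess APIs are only flagged when shell=True is passed explicitly
            if not (name.startswith("subprocess.") and not self._shell_true(node)):
                self.findings.append(Finding(node.lineno, name, RISKY_CALLS[name]))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # A string literal assigned to a secret-looking name is a hardcoded secret
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        s in target.id.lower() for s in SECRET_NAMES):
                    self.findings.append(
                        Finding(node.lineno, target.id, "hardcoded sensitive information"))
        self.generic_visit(node)


def scan_source(source):
    """Return findings for one Python source string, ordered by line number."""
    scanner = RiskyApiScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


# Constructed vulnerable snippet used only as scanner input.
SAMPLE = """\
import os, pickle, hashlib
from lxml import etree
from subprocess import call as run

DB_PASSWORD = "hunter2"

def handler(user_input, blob, xml_bytes):
    os.system("ls " + user_input)
    run(["ls"])
    run("ls " + user_input, shell=True)
    obj = pickle.loads(blob)
    tree = etree.fromstring(xml_bytes)
    digest = hashlib.md5(blob).hexdigest()
    return obj, tree, digest
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.api} - {f.reason}")
```

Running the block reports six findings on the sample: the hardcoded password on line 5, `os.system` on line 8, the `shell=True` call on line 10 (the list-argument call on line 9 is deliberately not flagged), `pickle.loads` on line 11, `lxml.etree.fromstring` on line 12 and `hashlib.md5` on line 13. Matching on resolved names rather than raw text is what lets the scanner catch the `call as run` alias, a pattern a simple grep-based check would miss.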

In the coming chapter, we will apply similar code inspection techniques to look for sensitive information leakage and privacy security issues.
