Feb 06, 2018

Do you remember when source code reviews of web applications were carried out manually? Without proper understanding of the nuances and logic built into the source code, this was not always a straightforward task. But a lack of systematic examination of the flaws and vulnerabilities within your application source code could have a major security impact on your web applications and systems.

Life before automation

Your source code review team needed a full understanding of the design and standards used in developing the applications. They would then have to select a catalog of appropriate tools to scan the application code and identify vulnerabilities such as SQL injection, remote code execution, cross-site scripting, header injection, HTTP response splitting, and possible flow control.

Hundreds of thousands of lines of source code would be transferred to a secure standalone system to carry out the code review, generating multiple reports containing thousands of items in various formats, including XML, HTML, PDF, and CSV. These reports would then have to be consolidated into a single format by manually copying the required fields from the various report files into a Microsoft Excel file before analysis could begin.

In one project for a leading manufacturing sector client, we carried out a review to identify the flaws in their application source code. We scanned around 600,000 lines of source code and generated a total of 12 reports containing around 56,000 items across formats. It took four people each working for five days (a total of 20 days) to manually complete the consolidation work, remove false positives, and provide recommendations to mitigate the resultant vulnerabilities present in the code. Just thinking about it makes me sweat!

The impact of RPA

With the advent of robotic process automation (RPA), we now automate most manual and repetitive report conversion, consolidation, and analysis processes to minimize human effort, delivering increased efficiency and reduced project duration for our clients.

I recently returned to the raw and consolidated reports created for our manufacturing client’s source code review project to assess how RPA would affect the speed and efficiency of the consolidation. By leveraging RPA, only a single resource would be needed to complete the source code review, as opposed to the four resources previously used in the manual review process. This represents a reduction in manual effort of around 75% and a significant reduction in cost, while delivering the output faster and more accurately.
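The consolidation step described above (multiple scanner reports in different formats merged into one record set, with duplicate findings collapsed so false-positive triage happens once per issue) can be expressed in a few dozen lines. The following is an added illustration, not Capgemini's tooling or any RPA product; the XML and CSV reports, the scanner names and the column layout are constructed for the example.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample reports from two hypothetical scanners (not real tool output).
XML_REPORT = """<report>
  <finding severity="High" category="SQL Injection" file="app/db.py" line="42"/>
  <finding severity="Medium" category="Cross-Site Scripting" file="web/views.py" line="17"/>
</report>"""
CSV_REPORT = """severity,category,file,line
Critical,SQL Injection,app/db.py,42
Low,Header Injection,web/headers.py,8
"""

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}

def parse_xml(text, tool):
    """Normalise an XML report into the common record layout."""
    root = ET.fromstring(text)
    return [dict(tool=tool, severity=f.get("severity"), category=f.get("category"),
                 file=f.get("file"), line=int(f.get("line"))) for f in root.iter("finding")]

def parse_csv(text, tool):
    """Normalise a CSV report into the same record layout."""
    return [dict(tool=tool, severity=r["severity"], category=r["category"],
                 file=r["file"], line=int(r["line"])) for r in csv.DictReader(io.StringIO(text))]

def consolidate(findings):
    """Merge records describing the same issue (same file, line and category).
    The highest reported severity wins, and the set of tools that agreed is kept,
    so a reviewer can prioritise corroborated findings during false-positive triage."""
    merged = {}
    for f in findings:
        key = (f["file"], f["line"], f["category"])
        if key not in merged:
            m = {k: v for k, v in f.items() if k != "tool"}
            m["tools"] = {f["tool"]}
            merged[key] = m
        else:
            m = merged[key]
            m["tools"].add(f["tool"])
            if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[m["severity"]]:
                m["severity"] = f["severity"]
    return sorted(merged.values(), key=lambda m: (-SEVERITY_RANK[m["severity"]], m["file"], m["line"]))

def to_csv(rows):
    """Emit the consolidated findings as a single CSV for the analyst's workbook."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["severity", "category", "file", "line", "tools"])
    for r in rows:
        w.writerow([r["severity"], r["category"], r["file"], r["line"], "+".join(sorted(r["tools"]))])
    return out.getvalue()
```

Running `consolidate(parse_xml(XML_REPORT, "scannerA") + parse_csv(CSV_REPORT, "scannerB"))` collapses the two SQL injection records at `app/db.py:42` into one Critical finding attributed to both scanners.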

To find out more about how our governance, risk management and compliance (GRC) services can automate your source code review process and help save time and money for your clients, contact: 

Click here to learn more about how Capgemini’s GRC portfolio can enhance your reputation and deliver real business value.
