Intern here, one of my duties is static code analysis testing (like conducting secure code review in the SDLC) and I’m looking for advice on this from those in the cybersecurity engineering role or pentesting area.
Before doing an analysis with my static code tool, is there anything I need to do beforehand? Like make a checklist? Threat modeling?
My team is full of developers and my intern role is to do a security audit on their code. Unfortunately, my team doesn’t have a cybersecurity engineer so I’m kinda left with Google and trying to piece it with my studies lol
TL;DR: cybersecurity intern noob needing advice on how to plan out static code analysis testing.