Modern work patterns like continuous integration (CI) have an implicit need for testing automation. In current CI solutions, white-box testing is left to the work methodology, typically addressed after code reviews. Code security inspection is often done in specific code reviews focusing on security. SonarQube is a tool that, to a certain extent, can automate white-box design and testing and serve as a guide for formal code reviews. Moreover, this tool can help audit the code for potential security issues. Most web programming today uses components readily available and transparently managed by package managers, like npm for Node.js or Composer for PHP. This use must also be audited at least for potential security problems; yet traditional white-box test design would require a good understanding of the vendor code, which can be difficult/impractical to achieve. This chapter will address SonarQube as a valuable tool to automate white-box and security testing and also provide suggestions on how to manage your vendor branches when there is a need to audit/change the vendor source code.
Implementation of Cryptography Merkle-Hellman Knapsack Combination, Discrete Algorithm and ASCII Table Modification for PHP Source Code Security
