
[2019] The Absolute AppSec Secure Code Review Framework by Seth Law

Let’s face it, performing a manual review of someone else’s source code is hard. It takes time, effort, expertise, and grit to actually figure out what the application does, how the developer implemented it, and if there should be any changes. From an application security perspective, this becomes even more difficult because of the security nuances of multiple languages that must be understood in order to identify and squash vulnerabilities. On top of that, most security reviews must be performed within a limited amount of time against more lines of code than recommended in standard code review best practices. After performing secure code reviews for over a decade, it becomes easier to identify a pattern and framework to address security concerns within code quickly and efficiently. This talk will introduce the Absolute AppSec Secure Code Review Framework to attendees and discuss lessons learned, code review tips and tricks, and strategies for quickly assessing code that can be used by reviewers immediately.

------
AppSec Day Australia is an OWASP Foundation, Melbourne Chapter event held on 1st November 2019. This is a volunteer-run event, and we couldn't have done it without the dedication, commitment, and sacrifice of all our volunteers; and we thank you.

For more info about AppSec Day, visit appsecday.io
To join the Melbourne Chapter's meetup, https://www.meetup.com/Application-Security-OWASP-Melbourne/
Follow us on Twitter @OWASPMelbourne

If you'd like to support what we're doing, please consider an OWASP membership, https://owasp.org/membership/ and/or volunteering.

Video: [2019] The Absolute AppSec Secure Code Review Framework by Seth Law, from the OWASP AppSec Day channel
Video information
Published: January 31, 2020, 21:41:24
Duration: 01:00:00