[2019] The Absolute AppSec Secure Code Review Framework by Seth Law
Let’s face it, performing a manual review of someone else’s source code is hard. It takes time, effort, expertise, and grit to actually figure out what the application does, how the developer implemented it, and if there should be any changes. From an application security perspective, this becomes even more difficult because of the security nuances of multiple languages that must be understood in order to identify and squash vulnerabilities. On top of that, most security reviews must be performed within a limited amount of time against more lines of code than recommended in standard code review best practices. After performing secure code reviews for over a decade, it becomes easier to identify a pattern and framework to address security concerns within code quickly and efficiently. This talk will introduce the Absolute AppSec Secure Code Review Framework to attendees and discuss lessons learned, code review tips and tricks, and strategies for quickly assessing code that can be used by reviewers immediately.
------
AppSec Day Australia is an OWASP Foundation, Melbourne Chapter event held on 1st November 2019. This is a volunteer-run event, and we couldn't have done it without the dedication, commitment, and sacrifice of all our volunteers; and we thank you.
For more info about AppSec Day, visit appsecday.io
To join the Melbourne Chapter's meetup, visit https://www.meetup.com/Application-Security-OWASP-Melbourne/
Follow us on Twitter @OWASPMelbourne
If you'd like to support what we're doing, please consider an OWASP membership, https://owasp.org/membership/, and/or volunteering.
Video: [2019] The Absolute AppSec Secure Code Review Framework by Seth Law, from the OWASP AppSec Day channel