SQL Injection, XSS, and Access Control flaws? Have you been asked to review a new framework on short notice? Does the idea of reviewing Ruby, Go, or Node code leave you with heartburn? This course addresses all of these common challenges in modern code review. We have concentrated on taking our past adventures in code review, the lessons we have learned along the way, and made them applicable for others who perform code reviews. We will share our methodology to perform analysis of any source code and suss out security flaws, no matter the size of the code base, or the framework, or the language. You as a student will learn the methodology, techniques, approach, and tools used by Seth Law and Ken Johnson to understand code flows, trace user input, identify vulnerabilities, and effectively secure an application codebase.
At the end of this session you’ll have the knowledge and experience in approaching numerous code languages and frameworks to complete a security source code review. In addition, the learned methodology can be customized by the you to fit into any organisational security SDLC. Finally, you will have the tools to review source code for any web, mobile, or modern application, whether or not the targeted language is specifically covered during the course.
RESOURCES MENTIONED IN THIS SESSION:
- Slides: https://docs.google.com/presentation/d/1Lm9PPAiwUjKRQu6HHIo34kPC7rT9pQoU90aQEFnKkcQ/edit?usp=sharing
- Note taking template: https://github.com/zactly/handouts/blob/master/example_template.md