Secure Code Review - OWASP TOP 10 presented at CounterMeasure 2012

by Sherif Koussa,

Tags: Security

Summary : Secure Code Review is the best approach to uncover the largest number of security flaws in addition to the most stealth and hard to uncover security vulnerabilities. During this session, you will learn how to perform security code review and uncover vulnerabilities such as OWASP Top 10: Cross-site Scripting, SQL Injection, Access Control and much more in early stages of development. You will use a real life application "SecureTickers" pulled from SourceForge. You will get an introduction to Static Code Analysis tools and how you can extend PMD (http://pmd.sourceforge.net/), the open source static code analysis tool, to catch security flaws like OWASP Top 10. Expect lots of code, tools, hacking and fun! (Please note that the exercises will be mainly in Java.)