Security Code Review presented at Hacktivity 2012

by Krisztián Schäffer

Tags: Security

Summary: "There's a popular term for people who don't read code. We call them script kiddies." [ZF05]
Code review is not only a tool for finding vulnerabilities, but one of the main pillars of secure software development: code review experience can be needed during a penetration test just as much as by the developer of a banking app. In this presentation we will study the practice of traditional code review used for quality assurance and its security adaptations. We'll find out how security code review can be inserted into the software lifecycle, what knowledge is necessary, what tools are available, what static analyzers are good for, and which checklists exist, and maybe we'll even find out whether it's bad manners to show up with a zero-day vulnerability on a pentest.