Security in our code reviews? Check! presented at OWASP New Zealand Day 2020

by Daniel Zollinger

Summary: These days, many teams have rolled mandatory code reviews into their build pipeline. But every team reviews code differently. Worse, every team member reviews every merge request differently. Could your team be catching bugs sooner and with more consistency? Code reviews can be a powerful security tool with the help of the humble checklist. We’ll look at what makes a good checklist, how easy it can be to get it wrong, and how to introduce one to your team’s workflow without making your colleagues hate you. And you’ll get a code review checklist you can adapt to your own team’s needs.