A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Springtime for code reviews - (BSides Nashville 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)

Springtime for code reviews

Ryan Goltry

BSides Nashville 2017
http://bsidesnash.org

You come upon a long running project that has never had a security centric code review before. There are a couple millions lines of code, web applications, microservices, a database; a gold mine of s*** to dig through. The opportunities for findings is massive. How the next steps are executed all depend on situational awareness and could result in CSMs (career shortening maneuvers). Topics covered will include what tools to have in the kit for a whitebox code review, what to prioritize, and whom with and how to collaborate with for short and longer term engagements.

Ryan is a Santa Maria Lime Steak Rub seasoned IT Generalist with a love of performance tuning and security reviews. A senior security architect, he is a recovering CISO with a wealth of web application security experience. Currently interested in helping SOC operators, while researching botnet detection, SSL traffic management, and beer.

Back to BSides Nashville 2017 list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast