How to do Code Review - The Offensive Security Way
31.7 هزار بار بازدید -
3 سال پیش
-
Fri Aug 20, 2021 8pm
Fri Aug 20, 2021 8pm (EDT)
▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬
In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases. By combining offensive security skillsets with code auditing and curiosity, it's often possible to find high and critical risk vulnerabilities affecting all the organizations using the software. If you're interested in the concept of finding 0days in web applications, source code disclosure and auditing, and common vulnerabilities classes this exposes - we'll cover the process of finding bugs and applying them to bug bounties.
SHUBHAM SHAH
Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.
▬▬▬▬▬▬ LINKS🔗 ▬▬▬▬▬▬
Sources and Sinks - Code Review Basics ► Sources and Sinks - Code Review Basics
CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability ► https://pentesterlab.com/exercises/cv...
Semgrep ► https://semgrep.dev/
graudit ► https://github.com/wireghoul/graudit
CodeQL ►https://securitylab.github.com/tools/...
▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬
Nancy Gariché ► LinkedIn: nancygariche
▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬
Bec ► Twitter: errbufferoverfl
James ► Twitter: devec0
Lilly ► Twitter: attacus_au
Mimi ► Instagram: p0kemina
▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬
YOUTUBE ► owaspdevslop
DEV ► https://dev.to/devslop
INSTAGRAM ► Instagram:
TWITTER ► Twitter: Owasp_DevSlop
LINKEDIN ► LinkedIn: owasp-devslop
▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬
In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases. By combining offensive security skillsets with code auditing and curiosity, it's often possible to find high and critical risk vulnerabilities affecting all the organizations using the software. If you're interested in the concept of finding 0days in web applications, source code disclosure and auditing, and common vulnerabilities classes this exposes - we'll cover the process of finding bugs and applying them to bug bounties.
SHUBHAM SHAH
Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.
▬▬▬▬▬▬ LINKS🔗 ▬▬▬▬▬▬
Sources and Sinks - Code Review Basics ► Sources and Sinks - Code Review Basics
CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability ► https://pentesterlab.com/exercises/cv...
Semgrep ► https://semgrep.dev/
graudit ► https://github.com/wireghoul/graudit
CodeQL ►https://securitylab.github.com/tools/...
▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬
Nancy Gariché ► LinkedIn: nancygariche
▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬
Bec ► Twitter: errbufferoverfl
James ► Twitter: devec0
Lilly ► Twitter: attacus_au
Mimi ► Instagram: p0kemina
▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬
YOUTUBE ► owaspdevslop
DEV ► https://dev.to/devslop
INSTAGRAM ► Instagram:
TWITTER ► Twitter: Owasp_DevSlop
LINKEDIN ► LinkedIn: owasp-devslop
3 سال پیش
در تاریخ 1400/05/30 منتشر شده
است.
31,726
بـار بازدید شده