Code Review for Security


I always feel smarter after a session with Anthony. Or dumber in hindsight. :-) Either way, good information very well presented.

The main improvement I'd suggest is more targeted examples. Instructions to "review stuff" to find bugs can be overwhelming without further direction.

I could listen to Anthony talking about Web Security for hours. Amazing talk.

Anonymous at 16:16 on 11 Sep 2015

Made me really paranoid about every codebase I have ever used or worked on, which is to say it was very effective. It also gave me hope that it's possible (difficult as it is) to identify vulnerabilities and fix them. Extremely well-guided discussion, informed by Anthony's deep knowledge.

My only complaints are:

* We didn't actually execute any attacks
* We dipped shallowly into many kinds of vulnerabilities without time to really understand how they're exploited

I think one of two things would address the above: either more time (obviously seldom possible), or a shorter overview of each vulnerability discussed with a focus on a select few.

Thanks for an overall great talk.

Anthony is incredibly passionate about code security, and it shows in his talks. We went through a lot of examples, though I did feel we covered the same ground a few times. I would have liked to see the actual execution of an attack as outlined in the blurb, rather than just high-level discussions of it, but I definitely have some things I need to watch out for, and the enthusiasm Anthony has for the topic made it totally worthwhile.

This talk opened my eyes to a number of vulnerabilities I didn't know about before. Great Job!