Is your code secure? Do you know what the practices in secure code review are? In this talk you will see the important aspects of the various controls, to build a reference for conducting secure code reviews.

The talk is composed of 2 parts: an overview of secure code review, the advantages it can bring, and how to integrate secure review techniques into a development organization's S-SDLC. The second part is dedicated to the Top 10 web app vulnerabilities, their impact on a PHP application, and what you should review to make your code more secure.

Comments


Richard Lane at 20:18 on 14 Apr 2018

Brilliant content and brilliantly presented, but at quite a breakneck pace! I will definitely review the slides for this one. Thanks!

This is an important topic and can be very dry.
I think you did well to split it into 2 parts. Good job!

Kat Zien at 00:39 on 15 Apr 2018

I found this talk interesting and very well-structured; it was easy to understand and follow along. Loved the mysql_injection_guard joke :D The pace was pretty fast, but I actually liked it for this topic; pointing to more resources relevant to each of the threats was a nice way of keeping it engaging and not boring. Thank you!

Pim Elshoff at 11:33 on 15 Apr 2018

Good content that is always relevant. People should hear this every year. You were rushed by the organization to hurry and you certainly did hurry, but don't let the audience know.

Adam Prescott at 17:27 on 15 Apr 2018

The talk mostly felt like an overview of the OWASP Top 10 and examples of how they apply to PHP.

I think it would have been useful to see more practical examples of implementing Secure Code Reviews and how they might fit into existing organisations and processes. Some examples of DREAD and CVSS in use would have been useful too, with an overview of how each metric is evaluated.

Nicola did a great job of presenting the information in an engaging way though.

I really enjoyed this talk. Lots of useful suggestions and a great "gotcha" in the middle!

A good talk. Pretty much an overview of the OWASP Top 10, but with some good examples.