How To Review Code For Vulnerabilities

2021-09-24

Authors: Vickie Li


Summary

The presentation discusses the basics of conducting a security code review to find vulnerabilities in an application's source code.
  • Manual code reviews are valuable for finding security issues caused by insecure coding practices
  • Prioritizing analysis and using automated tools can speed up the process
  • Combining automated tools with manual code analysis can ensure fewer bugs make it to production
The presenter gives an example of tracing an application's code from user input to sensitive data points to identify vulnerabilities, such as sensitive information leaks into logs.
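As an added illustration of the input-to-sensitive-sink tracing the summary describes (example code written for this page, not material from the talk), a small Python tracer that marks values read from a Flask-style `request` object as tainted, follows them through simple assignments, and reports any that reach a logging call; `request`, `app`, `authenticate` and the sample handler are constructed for the example.

```python
"""Added example (not from the talk): a tiny source-to-sink tracer for one code-review
question: does user-controlled input reach a logging call? Flow-insensitive and single-scope
by design; `request`, `app`, `authenticate` and SAMPLE are constructed Flask-style illustration."""
import ast

SOURCE_ATTRS = {"args", "form", "json", "headers"}             # request.<attr> = user input
LOG_FUNCS = {"debug", "info", "warning", "error", "critical"}  # logger sink methods

def _is_source(node):
    """True for request.form["x"], request.args.get("x"), request.headers[...] etc."""
    while isinstance(node, (ast.Subscript, ast.Call, ast.Attribute)):
        if (isinstance(node, ast.Attribute) and node.attr in SOURCE_ATTRS
                and isinstance(node.value, ast.Name) and node.value.id == "request"):
            return True
        node = node.func if isinstance(node, ast.Call) else node.value
    return False

def _tainted(expr, tainted):
    """An expression is tainted if it reads a source or an already-tainted variable."""
    return any(_is_source(n) or (isinstance(n, ast.Name) and n.id in tainted)
               for n in ast.walk(expr))

def find_log_leaks(source):
    """Return (line, argument) pairs where user-derived data reaches a logger call."""
    nodes = sorted((n for n in ast.walk(ast.parse(source))
                    if isinstance(n, (ast.Assign, ast.Call))),
                   key=lambda n: (n.lineno, n.col_offset))   # visit in source order
    tainted, leaks = set(), []
    for node in nodes:
        if isinstance(node, ast.Assign):
            hot = _tainted(node.value, tainted)   # decide before updating the targets
            for tgt in node.targets:
                if isinstance(tgt, ast.Name):     # taint propagates; a clean reassignment clears it
                    (tainted.add if hot else tainted.discard)(tgt.id)
        elif isinstance(node.func, ast.Attribute) and node.func.attr in LOG_FUNCS:
            leaks += [(node.lineno, ast.unparse(a)) for a in node.args if _tainted(a, tainted)]
    return leaks

SAMPLE = '''def login():
    user = request.form["username"]
    password = request.form["password"]
    app.logger.debug("credentials: %s / %s", user, password)  # leaks the password
    ok = authenticate(user, password)
    app.logger.info("login for %s", user)                      # leaks the username
    app.logger.info("login handler finished")                  # nothing user-derived
    return ok
'''

if __name__ == "__main__":
    print(find_log_leaks(SAMPLE))   # [(4, 'user'), (4, 'password'), (6, 'user')]
```

The same walk generalises to other sinks (HTML output, SQL execution, shell calls) by swapping the method names in LOG_FUNCS, which is the manual tracing step the talk describes, automated for one narrow question.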

Abstract

Performing a source code review is one of the best ways to find security issues in an application. But how do you do it? First, what are the main concepts that you should be familiar with before diving into code review? And where do you even start reviewing code? What strategies are there to identify different types of vulnerabilities? Are there any ways to automate the process?

In this talk, I will go through the basics of how to review an application's source code to find vulnerabilities and introduce some strategies to review your application. You will also get the chance to practice reviewing a few pieces of code yourself. By the end of this presentation, you should be able to start identifying vulnerabilities in your applications!

Materials: