Скачать или смотреть How to do Code Review - The Offensive Security Way

Fri Aug 20, 2021 8pm (EDT)
▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬
In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases. By combining offensive security skillsets with code auditing and curiosity, it's often possible to find high and critical risk vulnerabilities affecting all the organizations using the software. If you're interested in the concept of finding 0days in web applications, source code disclosure and auditing, and common vulnerabilities classes this exposes - we'll cover the process of finding bugs and applying them to bug bounties.

SHUBHAM SHAH
Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.
▬▬▬▬▬▬ LINKS🔗 ▬▬▬▬▬▬
Sources and Sinks - Code Review Basics ►    • Sources and Sinks - Code Review Basics  
CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability ► https://pentesterlab.com/exercises/cv...
Semgrep ► https://semgrep.dev/
graudit ► https://github.com/wireghoul/graudit
CodeQL ►https://securitylab.github.com/tools/...
▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬
Nancy Gariché ►   / nancygariche  
▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬
Bec ►   / errbufferoverfl  
James ►   / devec0  
Lilly ►   / attacus_au  
Mimi ►   / p0kemina  
▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬
YOUTUBE ►    / owaspdevslop  
DEV ► https://dev.to/devslop​
INSTAGRAM ►   / ​  
TWITTER ►   / owasp_devslop​  
LINKEDIN ►   / owasp-devslop