Loading…
The date for the release of slides and videos has not been determined.  
Please, visit the event site for further information.
Thanks
Back To Schedule
Monday, May 27 • 9:00am - Tuesday, May 28 • 5:00pm
Seth & Ken’s Excellent Adventures (in Code Review)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Have you ever been tasked with reviewing 3.2 million lines of code manually for SQL Injection, XSS, and Access Control flaws? Have you been asked to review a new framework on short notice? Does the idea of reviewing Ruby, Go, or Node code leave you with heartburn? This course addresses all of these common challenges in modern code review. We have concentrated on taking our past adventures in code review, the lessons we’ve learned along the way, and made them applicable for others who perform code reviews. We will share our methodology to perform analysis of any source code and suss out security flaws, no matter the size of the code base, or the framework, or the language.  You as a student will learn the methodology, techniques, approach, and tools used by Seth Law and Ken Johnson to understand code flows, trace user input, identify vulnerabilities, and effectively secure an application code base.

Upon completion attendees will know:
Students will take away knowledge and experience in approaching numerous code languages and frameworks to complete a security source code review. In addition, the learned methodology can be customized by the attendee to fit into any organization’s security SDLC. Finally, the attendee will have the tools to review source code for any web, mobile, or modern application, whether or not the targeted language is specifically covered during the course.

The trainer will provide:
Presentation materials
Source code to be analyzed during the course (VM provided if desired).

Attendees should bring:
Laptop with wireless and virtual machine (VMWare/Virtual Box) capabilities.
Preferred IDE


Speakers
avatar for Seth Law

Seth Law

President and Principal Security Consultant, Redpoint Security, Inc.
Seth Law is the President and Principal Consultant at Redpoint Security, Inc. (rdpt.io). During the last 15 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual... Read More →
avatar for Ken Johnson

Ken Johnson

CTO & Co-Founder, DryRun Security
Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering... Read More →


Monday May 27, 2019 9:00am - Tuesday May 28, 2019 5:00pm IDT
11th Floor Room 1126