Loading…
The date for the release of slides and videos has not been determined.  
Please, visit the event site for further information.
Thanks
Monday, May 27 • 9:00am - Tuesday, May 28 • 5:00pm
Seth & Ken’s Excellent Adventures (in Code Review)

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Have you ever been tasked with reviewing 3.2 million lines of code manually for SQL Injection, XSS, and Access Control flaws? Have you been asked to review a new framework on short notice? Does the idea of reviewing Ruby, Go, or Node code leave you with heartburn? This course addresses all of these common challenges in modern code review. We have concentrated on taking our past adventures in code review, the lessons we’ve learned along the way, and made them applicable for others who perform code reviews. We will share our methodology to perform analysis of any source code and suss out security flaws, no matter the size of the code base, or the framework, or the language.  You as a student will learn the methodology, techniques, approach, and tools used by Seth Law and Ken Johnson to understand code flows, trace user input, identify vulnerabilities, and effectively secure an application code base.

Upon completion attendees will know:
Students will take away knowledge and experience in approaching numerous code languages and frameworks to complete a security source code review. In addition, the learned methodology can be customized by the attendee to fit into any organization’s security SDLC. Finally, the attendee will have the tools to review source code for any web, mobile, or modern application, whether or not the targeted language is specifically covered during the course.

The trainer will provide:
Presentation materials
Source code to be analyzed during the course (VM provided if desired).

Attendees should bring:
Laptop with wireless and virtual machine (VMWare/Virtual Box) capabilities.
Preferred IDE


Speakers
avatar for Seth Law

Seth Law

President and Principal Security Consultant, Redpoint Security
Seth Law is the President and Principal Security Consultant of Redpoint Security (rdpt.io). During the last 15 years as a security professional, Seth has worked within multiple disciplines, from software development to network protection, as a manager and individual contributor. Seth... Read More →
avatar for Ken Johnson

Ken Johnson

AppSec Person, GitHub
Ken Johnson, has been hacking web applications professionally for 11 years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec... Read More →


Monday May 27, 2019 9:00am - Tuesday May 28, 2019 5:00pm
11th Floor Room 1126

Attendees (5)