Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
No se pudo agregar al carrito
Add to Cart failed.
Error al Agregar a Lista de Deseos.
Error al eliminar de la lista de deseos.
Error al añadir a tu biblioteca
Error al seguir el podcast
Error al dejar de seguir el podcast
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
-
Narrado por:
-
De:
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from an LLM assistant, and then applies that understanding to a search for developer patterns that lead to common mistakes like mishandling data, not enforcing a control flow, or not defending against unexpected application states. He explains how finding those kinds of more impactful bugs are rewarding for the reviewer and valuable to the code owner. It involves reading a lot of code, but Louis offers tips on how to keep notes, keep an app's context in mind, and keep code secure.
Segment Resources:
- https://pentesterlab.com/live-training/
- https://pentesterlab.com/appsecschool
- https://deepwiki.com
- https://daniel.haxx.se/blog/2025/05/29/decomplexification/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-337