The Security Code Review guide

Nicola Pietroluongo (14.Apr.2018 at 14:50, 1 hr)
Talk at PHP Yorkshire 2018 (English - UK)

Rating: 4 of 5

Is your code secure? Do you know the practices of secure code review? In this talk you will see the important aspects of the various controls, building a reference you can use when conducting secure code reviews.

The talk is composed of two parts. The first is an overview of secure code review, the advantages it can bring, and how to integrate secure review techniques into a development organization's S-SDLC. The second part is dedicated to the Top 10 web application vulnerabilities, their impact on a PHP application, and what you should review to make your code more secure.


Comments

Rating: 4 of 5

14.Apr.2018 at 20:18 by Richard Lane (5 comments) via Web2 LIVE

Brilliant content and brilliantly presented, but at quite a breakneck pace! I will definitely review the slides for this one. Thanks!

Rating: 4 of 5

14.Apr.2018 at 21:18 by Kenneth Schabrechts (46 comments) via Web2 LIVE

This is an important topic and can be very dry.
I think you did well to split it into 2 parts. Good job!

Rating: 5 of 5

15.Apr.2018 at 00:39 by Kat Zien (18 comments) via Web2 LIVE

I found this talk interesting and very well-structured; it was easy to understand and follow along. Loved the mysql_injection_guard joke :D The pace was pretty fast, but I actually liked it for this topic; pointing to more resources relevant to each of the threats was a nice way of keeping it engaging and not boring. Thank you!

Rating: 4 of 5

15.Apr.2018 at 11:33 by Pim Elshoff (56 comments) via Web2 LIVE

Good content that is always relevant. People should hear this every year. You were rushed by the organization to hurry and you certainly did hurry, but don't let the audience know.

Rating: 3 of 5

15.Apr.2018 at 17:27 by Adam Prescott (7 comments) via Web2 LIVE

The talk mostly felt like an overview of the OWASP Top 10 and examples of how they apply to PHP.

I think it would have been useful to see more practical examples of implementing Secure Code Reviews and how they might fit into existing organisations and processes. Some examples of DREAD and CVSS in use would have been useful too, with an overview of how each metric is evaluated.

Nicola did a great job of presenting the information in an engaging way though.

Rating: 5 of 5

15.Apr.2018 at 22:51 by Daniel Craigie (13 comments) via Web2 LIVE

I really enjoyed this talk. Lots of useful suggestions and a great "gotcha" in the middle!

© Joind.in 2018