Hackers of India

Analyzing Code for Security Defects

Nish Bhalla

2005/09/29

Abstract

The objective of the talk is understanding how to review large code bases for security defects. It can be used as a methodology to identify security problems when reviewing code. The overall focus will be on finding security vulnerabilities and implementing countermeasures; however, the same techniques can also be applied to help develop secure development practices.

Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is useful not only from a developer's point of view but also from an attacker's point of view. The talk will cover the basics of threat analysis, how to assess threats, and some of the vulnerabilities that could exist in code when performing code reviews of large code bases.