How to do Code Review – The Offensive Security Way



Fri Aug 20, 2021 8pm (EDT)
▬▬▬▬▬▬ ABSTRACT & BIO ? ▬▬▬▬▬▬
In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases. By combining offensive security skillsets with code auditing and curiosity, it’s often possible to find high and critical risk vulnerabilities affecting all the organizations using the software. If you’re interested in the concept of finding 0days in web applications, source code disclosure and auditing, and common vulnerabilities classes this exposes – we’ll cover the process of finding bugs and applying them to bug bounties.

SHUBHAM SHAH
Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.
▬▬▬▬▬▬ LINKS? ▬▬▬▬▬▬
Sources and Sinks – Code Review Basics ► https://youtu.be/ZaOtY4i5w_U
CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability ► https://pentesterlab.com/exercises/cve-2008-1930/course
Semgrep ► https://semgrep.dev/
graudit ► https://github.com/wireghoul/graudit
CodeQL ►https://securitylab.github.com/tools/codeql/
▬▬▬▬▬▬ Producer ? ▬▬▬▬▬▬
Nancy Gariché ► https://www.linkedin.com/in/nancygariche
▬▬▬▬▬▬ Hosts ?️ ▬▬▬▬▬▬
Bec ► https://twitter.com/errbufferoverfl
James ► https://twitter.com/devec0
Lilly ► https://twitter.com/attacus_au
Mimi ► https://www.instagram.com/p0kemina/
▬▬▬▬▬▬ Connect with Us ? ▬▬▬▬▬▬
YOUTUBE ► https://www.youtube.com/c/OWASPDevSlop/​
DEV ► https://dev.to/devslop​
INSTAGRAM ► https://www.instagram.com/owaspdevslop/​
TWITTER ► https://twitter.com/Owasp_DevSlop​
LINKEDIN ► https://www.linkedin.com/company/owasp-devslop

source

Leave a Reply