Security Code Review 101 with Paul Ionescu


Details
Code review is, hopefully, part of regular development practices for any organization. Adding security elements to code review can be the most effective measure in preventing vulnerabilities, very early in the development lifecycle, even before the first commit. This is an interactive presentation which will contain the basic elements to get you started. The audience will help review more than a dozen software examples in order to figure out the good from the ugly. The software examples are based on OWASP Top 10 and SANS Top 25 favourites such as Injection, Memory Flaws, Sensitive Data Exposure, Cross-Site Scripting and Broken Access Control.
Join us live on
Mixer: https://aka.ms/DevSlop-Mixer
or
Twitch: https://aka.ms/DevSlopTwitch
Videos can be found afterwards at https://aka.ms/DevSlopShow
Paul Ionescu is a Security Architect and OWASP Ottawa Chapter Co-Leader. Over the past decade, Paul has worked in various areas of application security. He was a developer of application security testing tools, performed ethical hacking, led a team of pen-testers, conducted security research, authored security articles and was involved in building an application security program for a large enterprise. Nowadays Paul is focusing on integrating all areas of security into a dynamic DevOps SDLC while ensuring compliance with industry and government standards. Paul is also a creator and maintainer of an open source training platform: the Secure Coding Dojo.
