OWASP Event - A Practical Approach to Secure Code Reviews


Details
Join us as we continue our 2019 meeting schedule, with a special guest speaker from out of town. Seth Law is employed as a security consultant, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Black Hat, DEF CON, CactusCon, and other regional conferences.
Free pizza will be provided by Early Warning. Make sure to arrive early to allow time for the badging process. We'll network and chat about security while everyone is filtering in.
What will be presented:
Let’s face it, performing a manual review of someone else’s source code is hard. It takes time, effort, expertise, and grit to actually figure out what the application does, how the developer implemented it, and if there should be any changes. From an application security perspective, this becomes even more difficult because of the security nuances of multiple languages that must be understood in order to identify and squash vulnerabilities. On top of that, most security reviews must be performed within a limited amount of time against more lines of code than recommended in standard code review best practices.
After performing secure code reviews for over a decade, it becomes easier to identify a pattern and framework to address security concerns within code quickly and efficiently. This talk will introduce the Absolute AppSec Secure Code Review Framework to attendees and discuss lessons learned, code review tips and tricks, and strategies for quickly assessing code that can be used by reviewers immediately.
About the speaker:
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is employed as a security consultant, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Black Hat, DEF CON, CactusCon, and other regional conferences.
