Secure Code Review OWASP Top 10 by Sherif Koussa

Secure Code Review is the best approach to uncover the largest number of security flaws, in addition to the stealthiest and hardest-to-uncover security vulnerabilities. During this session, you will learn how to perform a security code review and uncover vulnerabilities such as the OWASP Top 10 (Cross-site Scripting, SQL Injection, Access Control and much more) in the early stages of development. You will use a real-life application, "SecureTickers", pulled from SourceForge. You will get an introduction to Static Code Analysis tools and how you can extend PMD (http://pmd.sourceforge.net/), the open source static code analysis tool, to catch security flaws like the OWASP Top 10. Expect lots of code, tools, hacking and fun! (Please note that the exercises will be mainly in Java.)

OWASP Montreal - November 2012

https://www.owasp.org/index.php/Montr%C3%A9al

OWASP Montréal

November 22, 2012