Adventures in Reviewing Mountains of Code

Offered By: OWASP Foundation via YouTube

Tags

Software Security Courses
Static Code Analysis Courses
Parallelization Courses
Regression Testing Courses
Abstract Syntax Tree Courses

Course Description

Overview

Explore strategies for efficiently reviewing large codebases in this 33-minute OWASP Foundation conference talk. Discover the speaker's approach to analyzing 2.6 million lines of code on-site, including experiments conducted and unexpected challenges encountered. Learn about various techniques such as line-by-line reading, vulnerability identification, code parsing, abstract syntax trees, control flow graphs, and state space search algorithms. Gain insights into static code analysis, parallelization, native code handling, security metrics, and Unicode conversion. Consider the limitations and future directions for improving code review processes in large-scale software projects.

Syllabus

Intro
Jon's background
What we're going to talk about
What I tried
Reading line by line
Finding vulnerabilities
Looking for inspiration
Playing a game
C magic
C magic fails
Code parsing
Abstract syntax trees
Control flow graph
State-space search
Depth-first search
Depth-second search
Completeness
AI
StackTrace
Live demo
Static code analysis
Parallelization
Native code
Security metric
Unicode conversion
Another example
Regression testing
Caveats
What next

Taught by

OWASP Foundation