YoVDO

Adventures in Reviewing Mountains of Code

Offered By: OWASP Foundation via YouTube

Tags

Software Security Courses, Static Code Analysis Courses, Parallelization Courses, Regression Testing Courses, Abstract Syntax Tree Courses

Course Description

Overview

Explore strategies for efficiently reviewing large codebases in this 33-minute OWASP Foundation conference talk. Discover the speaker's approach to analyzing 2.6 million lines of code on-site, including experiments conducted and unexpected challenges encountered. Learn about various techniques such as line-by-line reading, vulnerability identification, code parsing, abstract syntax trees, control flow graphs, and state space search algorithms. Gain insights into static code analysis, parallelization, native code handling, security metrics, and Unicode conversion. Consider the limitations and future directions for improving code review processes in large-scale software projects.

Syllabus

Intro
Jon's background
What we're going to talk about
What I tried
Reading line by line
Finding vulnerabilities
Looking for inspiration
Playing a game
C magic
C magic fails
Code parsing
Abstract syntax trees
Control flow graph
State space search
Depth-first search
Depthsecond search
Completeness
AI
StackTrace
Live demo
Static code analysis
Parallelization
Native code
Security metric
Unicode conversion
Another example
Regression testing
Caveats
What next


Taught by

OWASP Foundation
