
How to do Code Review - The Offensive Security Way

37.2K views
Streamed live on Aug 21, 2021
58:58

Fri Aug 20, 2021 8pm (EDT)

▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬

In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases. By combining offensive security skillsets with code auditing and curiosity, it's often possible to find high and critical risk vulnerabilities affecting all the organizations using the software. If you're interested in the concept of finding 0days in web applications, source code disclosure and auditing, and the common vulnerability classes this exposes - we'll cover the process of finding bugs and applying them to bug bounties.

SHUBHAM SHAH

Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.

▬▬▬▬▬▬ LINKS 🔗 ▬▬▬▬▬▬

Sources and Sinks - Code Review Basics ► https://youtu.be/ZaOtY4i5w_U
CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability ► https://pentesterlab.com/exercises/cve-2008-1930/course
Semgrep ► https://semgrep.dev/
graudit ► https://github.com/wireghoul/graudit
CodeQL ► https://securitylab.github.com/tools/codeql/

▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬

Nancy Gariché ► https://www.linkedin.com/in/nancygariche

▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬

Bec ► https://twitter.com/errbufferoverfl
James ► https://twitter.com/devec0
Lilly ► https://twitter.com/attacus_au
Mimi ► https://www.instagram.com/p0kemina/

▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬

YOUTUBE ► https://www.youtube.com/c/OWASPDevSlop/
DEV ► https://dev.to/devslop
INSTAGRAM ► https://www.instagram.com/owaspdevslop/
TWITTER ► https://twitter.com/Owasp_DevSlop
LINKEDIN ► https://www.linkedin.com/company/owasp-devslop
