Learn how to effectively review code for security vulnerabilities in this 17-minute conference talk by Rouan Wilsenach at DevSecCon. Discover eight essential questions to ask during code reviews to identify common security issues before they reach production. Gain insights from Wilsenach, a Technical Leader and Software Engineer, as he shares his expertise in building outstanding teams and high-quality software. Explore topics such as input validation, authorization vulnerabilities, asset changes, data leakage prevention, API security, dependency management, and configuration best practices. Equip yourself with practical tips and examples to enhance your code review process and strengthen your application's security posture.
Overview
Syllabus
Intro
Relying on code review
Pay attention to where the input is going
Triple A checks
Authorization related vulnerability
Have the assets changed
Example
Leaking data
API security
New dependencies
Net example
Misconfiguration
AWS buckets
Caching
Tips
Recap
Outro
Taught by
DevSecCon
